[AG-TECH] AG/OpenSSH vulnerability
olson at mcs.anl.gov
Mon Jan 7 17:47:07 CST 2002
There was an incident at an AG site over the break where an AG linux
machine was broken into. The intruder apparently used the CRC32 attack
compensator buffer overflow exploit in the version of the OpenSSH server
that was shipped with the AG toolkit.
There are several things you can do to protect yourself from similar attacks.
First, you can disable incoming ssh entirely:
/sbin/service sshd stop
/sbin/chkconfig sshd off
Normal operation of the AG node does not require incoming ssh to be running
on the linux boxes.
There are patched versions of the ssh server available; however, I don't
have pointers to them offhand (and I want to get this message out). ssh's
home is at openssh.org, and there are links there to both source packages
and Linux RPMs. I am looking into building RH6.2-compatible RPMs for the
latest ssh; stay tuned.