[AG-TECH] AG/OpenSSH vulnerability

Robert Olson olson at mcs.anl.gov
Mon Jan 7 17:47:07 CST 2002


There was an incident at at an AG site over the break where an AG linux 
machine was broken into. The intruder apparently used the CRC32 attack 
compensator buffer overflow exploit in the verison of the OpenSSH server 
that was shipped with the AG toolkit.

There are several things you can do to protect yourself from similar attacks.

First, you can disable incoming ssh entirely:

	/sbin/service sshd stop
	/sbin/chkconfig sshd off

Normal operation of the AG node does not require incoming ssh to be running 
on the linux boxes.

There are patched versions of the ssh server available; however, I don't 
have pointers to them offhand (and I want to get this message out). ssh's 
home is at openssh.org, and there are links there to both source packages 
and Linux RPMs. I am looking into building RH6.2-compatible RPMs for the 
latest ssh; stay tuned.

thanks,
--bob




More information about the ag-tech mailing list