Re: [discuss] SSH exploit
From: Vincent Danen (vdanen@mandrakesoft.com)
Date: Tue Sep 16 2003 - 13:57:41 CDT
On Wed Sep 17, 2003 at 01:56:58AM +0800, Jordan T. wrote:
> So far Engarde, IDEFENSE and Redhat have released ssh advisories and
> updated packages. When will you guys be releasing the update? I've got 30+
> servers that are affected, waiting around for a POC exploit to test the
> patch might be a bit too late don't you think?
>
> When it's released, which ftp/mirror will it be on? I don't want to wait 24
> hours for my local mirror to update.
Ok, this is where we sit.
There are rumours of a remote root exploit... but just rumours. I haven't
heard anything that I would trust (yet). No exploit has publicly
surfaced.
Packages are built and we're in testing mode right now. Rest assured that
the secteam and I are working like crazy to get these certified and out the
door ASAP.
We will not be using 3.7; in my mind that release was rushed to deal with
this and I don't think there has been enough QA on it. We're patching
3.6.1p2 for all supported distribs.
Barring any difficulties, I suspect the packages will be sent out to the
internal master in the next 2hrs. After that, it's up to the mirrors. =(
I'm not sure which mirror will be fastest, however. I honestly can't say
which one to try.
There is a mirror listing on MandrakeSecure that usually checks every 6hrs,
I'll be making a point (once the packages go out) to manually update the
listing every hour so you can see by viewing the page what sites are
updated.
The advisory will go out as soon as the packages are up, but there will
still be a delay getting it to the mirrors.
Please be patient. If you are nervous, the best thing you can do if
possible is to disable sshd until the new packages are out.
As well, for those who feel inclined, please do not email me directly or
email security regarding this; I've already fielded a few emails and I can
either choose to be rude and not reply or reply and delay the fixes.
I don't like being rude, so please don't make me be. =)
Thanks.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQE/Z10lIEPQ5f5vKv0RAj9YAJ9MN1PapkteBukKAlBhz3v7VmO4PwCfQhzz
vi4IqlRu8qh9Kh7ENEg8HgY=
=ofEU
-----END PGP SIGNATURE-----