I've read most of the recent discussion about Openssh 3.3p1 but haven't seen
this particular issue so...

I installed the 3.3p1 patch on several Suse 7.1 boxes, 7 in the UK that I
can reach locally yesterday and they all seem fine and 5 more in another
country that I can't get to without a plane ticket :-( Sequence of
installation was to use YOU to apply the patch while logged on via SSH on
all machines then to shutdown -r now them, wait a bit then log back on. So
far so good on all boxes. However, within 30 minutes of the reboot on the 5
machines that I cannot reach locally, 2 of them have become inaccessible.
They don't ping and nmap with the -P0 option doesn't get any response from
them. That looks pretty dead to me.

Neither of these two machines has done this before and up until now, they've
up and running for 113 days without any issue.

I can't categorically state that it is the Openssh patch that's done this
since I can't find anyone around to go and look at them to find out if
they're sitting with an Ooops message or what's wrong with them. But it's
suspicious enough that I've backed out 3.3p1 on the machines I can still get
to and gone back to 2.9.9p2-98 for now.

And, yes, if I'd read the mailing list before I put the patches on then I
probably wouldn't have bothered :-)

With issues like this, maybe Suse should pull these particular patches off
the web page/ftp site? Especially since it appears that the 2.9.9p2 rpm's
aren't vulnerable to the exploit that the advisory is meant to fix.

Trevor Hemsley,
Security Specialist,
Atos Origin Ltd,
Whyteleafe,
+44-(0)1883-628139

[This electronic transmission and any files attached to it are strictly
confidential and intended solely for the addressee. If you are not the
intended addressee, you must not disclose, copy or take any action in
reliance of this transmission. If you have received this transmission in
error, please notify us by return and delete the same. The views expressed
in this electronic transmission do not necessarily reflect those of Atos
Origin or any of its subsidiary companies. Although the sender endeavours to
maintain a computer virus free network, the sender does not warrant that
this transmission is virus-free and will not be liable for any damages
resulting from any virus transmitted. Thank You.]

-- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]