Title: SECURITY: Damn you OpenSSH! (GSSAPI remote code execution vulnerability)
Post by: bhodi on April 04, 2007, 10:53:56 AM

You're supposed to be secure! Why you gotta make me hit you?
That's an awesome list of vulnerable systems. This is pretty big, though they claim "chance of a successful exploit of this nature is considered minimal" -- keep in mind, you've got to be running GSSAPI enabled.. like with Kerberos or something. Like I do. Let's see... how many thousands of servers do we have to patch? Goody.

http://www.securityfocus.com/bid/20241

Title: Re: Damn you OpenSSH! (GSSAPI remote code execution vulnerability)
Post by: Yegolev on April 04, 2007, 10:57:48 AM

Meh. I will get irritated by this after we close down ftp and rexec.

Title: Re: Damn you OpenSSH! (GSSAPI remote code execution vulnerability)
Post by: Trippy on April 04, 2007, 05:37:15 PM

OpenSSH has had its share of security holes over the years. I'm pretty sure the one time one of my Linux boxes got hacked was through a vulnerable version of OpenSSH. Fortunately for me my version of Linux was so decrepit that the l33t haxx0r code they downloaded onto my machine wouldn't even run properly.

Title: Re: Damn you OpenSSH! (GSSAPI remote code execution vulnerability)
Post by: Samwise on April 04, 2007, 07:40:24 PM

Security through obscurity ftw.

Title: Re: Damn you OpenSSH! (GSSAPI remote code execution vulnerability)
Post by: Lantyssa on April 04, 2007, 08:36:30 PM

I used to admin a VMS machine configured by someone so paranoid it had no "standard" paths. It was a bloody pain, but we were pretty certain even if someone got in they would be incapable of doing anything. We certainly weren't...
If only it hadn't been our mail server. :cry:

Title: Re: SECURITY: Damn you OpenSSH! (GSSAPI remote code execution vulnerability)
Post by: bhodi on April 10, 2007, 09:35:02 PM

This can probably be unstickied.. it's fairly rare and probably doesn't affect many people who read this :) I was just really annoyed when I saw it.
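
Added example, not part of the thread and not OpenSSH's own code: the first post notes that only servers running with GSSAPI enabled are exposed, so sizing the patch job starts with finding those hosts. This sketch reads an sshd_config file and reports the effective GSSAPIAuthentication setting; the function names and the sample config are constructed here, and an absent keyword is assumed to mean the upstream default of no.

```shell
#!/bin/sh
# Added example: audit sshd_config text for GSSAPI authentication.
# sshd uses the FIRST value it sees for a keyword, keywords are
# case-insensitive, and settings after a "Match" line are conditional.
# Limitation: files pulled in with "Include" are not followed.

gssapi_state() {    # usage: gssapi_state FILE -> "global=<value> match=<yes|no>"
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next      # blank line or comment
        sub(/[ \t]*=[ \t]*/, " ", line)          # accept the "Key=value" form
        split(line, f, /[ \t]+/)
        key = tolower(f[1]); val = f[2]
        gsub(/"/, "", val)                       # accept a quoted value
        if (key == "match") { in_match = 1; next }
        if (key != "gssapiauthentication") next
        if (!in_match) { if (global == "") global = val }   # first one wins
        else if (val == "yes") match_yes = 1
    }
    END {
        if (global == "") global = "no"          # assumed upstream default
        print "global=" global " match=" (match_yes ? "yes" : "no")
    }' "$1"
}

gssapi_enabled() {  # exit status 0 if GSSAPI auth is reachable in this config
    case "$(gssapi_state "$1")" in
        *=yes*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# GSSAPIAuthentication yes
gssapiauthentication no
GSSAPIAuthentication yes
Match Address 10.0.0.0/8
    GSSAPIAuthentication yes
EOF
gssapi_state "$sample"
if gssapi_enabled "$sample"; then echo "GSSAPI reachable: put host on the patch list"; fi
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration with defaults applied and is the authoritative check where it is available.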