On Tue, 16 Sep 2003, jhorton wrote:

> Hello,
>
> I do not know if anyone on this list is interested in Linux security,
> but, there appears to be an exploit of OpenSSH. Linux is vulnerable.
> The remedy is to upgrade to OpenSSH 3.7p1

Don't do that. Update to your distribution's latest update - as long as it has the fix applied.

Debian unstable has a backport to 1:3.6.1p2-6, because 3.7p1 is not ready for Debian yet, given that it has major PAM updates. Debian stable is a different version again, and can be got from:

    deb http://security.debian.org/debian-security stable/updates main contrib non-free

or the like. Your own distribution may well be OpenSSH 3.7p1, but not necessarily.

Unfortunately the firewall solution won't work for everyone, if they need to be able to log in from any address.