[TCLUG] SSH1 vulnerability

Fri Feb 9 11:38:25 CST 2001

eh?

$ cat /etc/apt/sources.list
#deb ftp://ftp.mn-linux.org/linux/debian woody main contrib non-free
deb http://http.us.debian.org/debian woody main contrib non-free
deb http://non-us.debian.org/debian-non-US woody/non-US main contrib
non-free
deb http://security.debian.org/debian-security stable/updates main
contrib
non-free

$ apt-get update

$ dpkg --list |grep ssh
ii  ssh            2.2.0p1-1.1    Secure rlogin/rsh/rcp replacement
(OpenSSH)

$ apt-get install ssh
Reading Package Lists...
Building Dependency Tree...
Sorry, ssh is already the newest version

Andy Zbikowski wrote:
> 
> http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
> 
> In Debian fashion, the OpenSSH package in Potato has allready been fixed.
> OpenSSH prior to 2.3.0 is vulnerable.
> 
> If you don't have the security sources in /etc/apt/sources.list:
> deb http://security.debian.org/ stable/updates main contrib non-free
> deb-src http://security.debian.org/ stable/updates main contrib non-free
> 
> --
> Andy Zbikowski, Sys Admin   | (WEB) http://www.ltiflex.com
> LTI Flexible Products, Inc. | (PH)  763-428-9119 (EX) 132
> 21801 Industrial Blvd       | (FX)  763-428-9126
> Rogers, MN  55374           | (PCS) 612-306-6055

-- 
John Hawley
BGEA/ITS <=> Network Admin
612.335.1334
jhawley at bgea.org