Koozali.org: home of the SME Server

Security update for 6.0 and 6.0.1

Knuddi
« on: July 05, 2004, 07:19:37 PM »
One of my good friends and colleagues had his SME 6.0 compromised and hijacked (web pages changed) through an SSH vulnerability.

I am not 100% sure that the files I have gathered are closing the hole(s) but they are all the latest builds of OpenSSH and OpenSSL.

Download from:

http://sme.swerts-knudsen.dk/downloads/Updates/6.0.1/

and install via

#rpm -Uvh *.rpm

Rgds,
Jesper

greg
« Reply #1 on: July 05, 2004, 09:19:30 PM »
Thank you for this Jesper.
Works fine here.
Remember also to upgrade rsync if you're using the server as an anonymous rsync server.
A new rpm can be found here:
http://dungog.net/sme/files/backup-rsync/rsync-2.6.2-1.noarch.rpm
Rgds.
Greg

raem
« Reply #2 on: July 05, 2004, 11:15:39 PM »
Jesper
Can you or your friend do us all a favour and send the details of that security breach to security@contribs.org?
I'm sure the people on that list will be interested to hear about this, especially if it really reveals a flaw in the system. If you don't report it, they won't know.
Thanks
...

Jesper Knudsen

« Reply #3 on: July 07, 2004, 01:58:45 PM »
I will work with my friend to get hold of portions of his message log as well as all the RPMs installed. What I do know is that the message log indicated an SSH user login attempt from a user called LHR that failed, after which he could see index.html as well as other user/password files being modified.

His main index got changed to depict BenLadin Air as the following text:


MusHRooM - LHR - pSico_b0y - Xterm

XXXX(edited by moderator) all GOVERNMENT
BRAZIL RULEZ

Greetz: all friends
on irc.phey.net
#M4F14

A inveja de alguns é o que nos fortalece

byte
« Reply #4 on: July 09, 2004, 12:53:55 PM »
bump up
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

warren
« Reply #5 on: July 14, 2004, 07:03:11 PM »
Refresh needed