Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Mark Lenan on September 17, 2003, 06:14:42 PM

Title: SSH exploit fix?
Post by: Mark Lenan on September 17, 2003, 06:14:42 PM
Sorry to repost this, managed to get it in wrong thread earlier....

Has anyone come up with a patch for the new SSH exploit or would:

wget updates.redhat.com/7.3/en/os/i386/openssh-3.1p1-10.i386.rpm
wget updates.redhat.com/7.3/en/os/i386/openssh-clients-3.1p1-10.i386.rpm
wget updates.redhat.com/7.3/en/os/i386/openssh-server-3.1p1-10.i386.rpm

rpm -Fvh *.rpm
/etc/rc.d/init.d/sshd-rb restart

do the trick? Do e-smith use customised versions of these?

Regards, Mark Leman
Title: Re: SSH exploit fix?
Post by: Jesper Knudsen on September 17, 2003, 06:48:01 PM
I can see that the following versions are installed on my 5.6u4 box:

openssh-clients-3.1p1-6
openssh-3.1p1-6
openssh-server-3.1p1-6
e-smith-openssh-1.8.0-01

So there might be a need for the last e-smith specific module.

/Jesper
Title: Re: SSH exploit fix?
Post by: Randall Perry on September 17, 2003, 06:58:39 PM
That's what I did, except I restarted sshd by:
# service sshd restart
Title: Re: SSH exploit fix?
Post by: Randall Perry on September 17, 2003, 07:15:42 PM
The e-smith specific module provides:
- the templates for configuring the ssh daemon,
- console save template,
- remote-access (as to hook to the web panel) template
- add rc7.d to /etc/rc.d
- /usr/libexec (and the sftp-server)
and adds documentation to
/usr/share/doc/e-smith/openssh-1.8.0

So the only possible conflict would be with the sshd config, but
the latest patch does not affect that.

I am running fine with the RedHat 7.3 updates (or so I think ; )).
Title: Re: SSH exploit fix?
Post by: Bob King on September 18, 2003, 04:57:31 AM
On SME 5.1.2 the RPM installation fails dependencies looking for 'libcrypto.so2'

What are the correct RPMs for SME 5.1.2?

Bob
Title: Re: SSH exploit fix?
Post by: Jesper Knudsen on September 18, 2003, 02:07:10 PM
All,

The modules have already been updated so you now need to get the build 14 versions...

wget http://updates.redhat.com/7.3/en/os/i386/openssh-3.1p1-14.i386.rpm
wget http://updates.redhat.com/7.3/en/os/i386/openssh-server-3.1p1-14.i386.rpm
wget http://updates.redhat.com/7.3/en/os/i386/openssh-clients-3.1p1-14.i386.rpm

do the install

rpm -Fvh *.rpm

and restart the ssh daemon

service sshd restart

Rgds,
Jesper
Title: Re: SSH exploit fix?
Post by: Vic on September 19, 2003, 06:49:39 PM
I used the following RPMs to update e-smith V5.1.2:

wget http://updates.redhat.com/7.1/en/os/i386/openssh-3.1p1-13.i386.rpm
wget http://updates.redhat.com/7.1/en/os/i386/openssh-server-3.1p1-13.i386.rpm
wget http://updates.redhat.com/7.1/en/os/i386/openssh-clients-3.1p1-13.i386.rpm

rpm -Fvh *.rpm

service sshd restart
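
Added example, not part of any post in this thread: a check that the installed openssh packages have reached the build named above (14 for the Red Hat 7.3 RPMs, 13 for the 7.1 RPMs). The function name `outdated_openssh` is hypothetical, the input is assumed to be `rpm -q` style name-version-release lines, and only 3.1p1 builds are compared; any other openssh version is reported as unchecked.

```shell
#!/bin/sh
# Added example (not from the thread). On a live box, feed it:
#   rpm -q openssh openssh-server openssh-clients | outdated_openssh 14

# outdated_openssh MIN_RELEASE
# Reads name-version-release lines on stdin. Prints "outdated <pkg>" for each
# openssh 3.1p1 package whose release is below MIN_RELEASE and
# "unchecked <pkg>" for any openssh package of another version.
# Returns 1 if anything was printed, 0 otherwise.
outdated_openssh() {
    min=$1
    awk -v min="$min" '
        # Matches openssh, openssh-server, openssh-clients; the anchor keeps
        # e-smith-openssh (templates only, no sshd binary) out of the check.
        /^openssh(-server|-clients)?-[0-9]/ {
            if ($0 !~ /-3\.1p1-[0-9]+/) { print "unchecked " $0; bad = 1; next }
            rel = $0
            sub(/^.*-3\.1p1-/, "", rel)   # keep what follows the version
            sub(/[^0-9].*$/, "", rel)     # drop a trailing ".i386" if present
            if (rel + 0 < min + 0) { print "outdated " $0; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the package list from the 5.6u4 box quoted in the thread.
sample='openssh-clients-3.1p1-6
openssh-3.1p1-6
openssh-server-3.1p1-6
e-smith-openssh-1.8.0-01'

if printf '%s\n' "$sample" | outdated_openssh 14; then
    echo "openssh packages are at build 14 or later"
else
    echo "update still needed"
fi
```

Run it again after `rpm -Fvh *.rpm`: `rpm -F` only freshens packages that are already installed, so a silent no-op leaves the old build in place.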