Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Knuddi on July 05, 2004, 07:19:37 PM
-
One of my good friends and colleagues had his SME 6.0 compromised and hijacked (web pages changed) through an SSH vulnerability.
I am not 100% sure that the files I have gathered are closing the hole(s) but they are all the latest builds of OpenSSH and OpenSSL.
Download from:
http://sme.swerts-knudsen.dk/downloads/Updates/6.0.1/
and install via
#rpm -Uvh *.rpm
Rgds,
Jesper
-
Thank you for this Jesper.
Works fine here.
Remember also to upgrade rsync if you're using the server as an anonymous rsync server.
A new rpm can be found here:
http://dungog.net/sme/files/backup-rsync/rsync-2.6.2-1.noarch.rpm
Rgds.
Greg
-
Jesper
Can you or your friend do us all a favour and send the details of that security breach to security@contribs.org?
I'm sure the people on that list will be interested to hear about this, especially if it really reveals a flaw in the system. If you don't report it, they won't know.
Thanks
-
I will work with my friend to get hold of portions of his message log as well as all the RPMs installed. What I do know is that the message log indicated an SSH user login attempt from a user called LHR that failed, after which he could see index.html as well as other user/password files being modified.
His main index got changed to depict BenLadin Air as the following text:
MusHRooM - LHR - pSico_b0y - Xterm
XXXX(edited by moderator) all GOVERNMENT
BRAZIL RULEZ
Greetz: all friends
on irc.phey.net
#M4F14
A inveja de alguns é o que nos fortalece
-
bump up
-
Refresh needed