Just in case no one has seen this: http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172
Len Rose wrote:
> Just in case no one has seen this:
> http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172

I had not, and I thank you! My debian and NetBSD systems were quickly patched, but does anybody know whether there's a problem with the criscos? (as in "how do I configure my router for that?" ;-)

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32

On Tue, Sep 16, 2003 at 03:08:38PM -0400, William Allen Simpson wrote:
> Len Rose wrote:
> > Just in case no one has seen this:
> > http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172
>
> I had not, and I thank you! My debian and NetBSD systems were quickly patched, but does anybody know whether there's a problem with the criscos? (as in "how do I configure my router for that?" ;-)

Or better yet, the OpenSSH running on Junipers? Nothing on Juniper's site about a vulnerability so far.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

On Tue, 16 Sep 2003 15:33:03 EDT, Richard A Steenbergen said:
> > patched, but does anybody know whether there's a problem with the criscos? (as in "how do I configure my router for that?" ;-)
>
> Or better yet, the OpenSSH running on Junipers? Nothing on Juniper's site about a vulnerability so far.

A posting to full-disclosure quotes Theo as saying HP and Cisco are affected, and I don't see any reason that Juniper would *NOT* be, given the common code base of the OpenSSH implementations.

I'm not going to say the routers are vulnerable, but I *would* say that ACLs blocking port 22 to the router might be a good idea.....

On Tue, Sep 16, 2003 at 03:50:04PM -0400, Valdis.Kletnieks@vt.edu wrote:
> A posting to full-disclosure quotes Theo as saying HP and Cisco are affected, and I don't see any reason that Juniper would *NOT* be, given the common code base of the OpenSSH implementations. I'm not going to say the routers are vulnerable, but I *would* say that ACLs blocking port 22 to the router might be a good idea.....

Isn't this a common practice anyway? Has been anywhere sensible I've seen :-)

If remotely exploitable as the discoverer says, this could potentially have more operational impact :-(

http://www.sendmail.org/8.12.10.html

---Mike

On Wed, 17 Sep 2003, Avleen Vig wrote:
> On Tue, Sep 16, 2003 at 03:50:04PM -0400, Valdis.Kletnieks@vt.edu wrote:
> > A posting to full-disclosure quotes Theo as saying HP and Cisco are affected, and I don't see any reason that Juniper would *NOT* be, given the common code base of the OpenSSH implementations. I'm not going to say the routers are vulnerable, but I *would* say that ACLs blocking port 22 to the router might be a good idea.....
>
> Isn't this a common practice anyway? Has been anywhere sensible I've seen :-)

I thought the whole purpose of running sshd on your router (or any box for that matter) is to be able to access it securely from remote locations. Of course, you could ssh to your patched unix box from outside (assuming your internal network is ok), then ssh back to the router, but you might as well just use telnet then (assuming a properly switched and vlan'd LAN).

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================

participants (7)
- Avleen Vig
- Len Rose
- Mike Tancsa
- Richard A Steenbergen
- up@3.am
- Valdis.Kletnieks@vt.edu
- William Allen Simpson