Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
OpenSSH - Major Security Vulnerability
The OpenSSH vulnerability has been disclosed and affects all recent versions.
At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Please see the ISS advisory, or our own OpenSSH advisory on this topic where simple patches are provided for the pre-authentication problem. Systems running with UsePrivilegeSeparation yes or ChallengeResponseAuthentication no are not affected.
The 3.4 release contain many other fixes done over a week long audit started when this issue came to light. We believe that some of those fixes are likely to be important security fixes. Therefore, we urge an upgrade to 3.4.
Everyone should upgrade to 3.4p1 ASAP. You can also:
Disable ChallengeResponseAuthentication in sshd_config.
Disable PAMAuthenticationViaKbdInt in sshd_config.
for distro which is not using PAM, S/KEY and BSD_AUTH such as slackware is not vulnerable ( i guess )
AFAIK this seems correct. Any distro where OpenSSH 2.9> wasn't compiled with S/Key BSD_AUTH *seems* unaffected. The PAM ViaKbdInt usually seems compiled in, but will need to be enabled by the admin to work as it's disabled by default.
But if you're taking your statement as an argument to *not* upgrade OpenSSH, think again: "Although some earlier versions are not affected upgrading to OpenSSH 3.4 is recommended, because OpenSSH 3.4 adds checks for a class of potential bugs" (ISS adv rev 2).