[lug] Ancient RH box hacked, which packages must be updated?
Lee Woodworth
blug-mail at duboulder.com
Fri Mar 26 10:08:46 MST 2004
On 25 Mar 2004 at 17:20, Bear Giles wrote:
> My company is in the process of migrating from an ancient RH
> server to a current RHE or Debian box, but in the meanwhile
> somebody has hacked our box. Does anyone know which packages
> *must* be updated because of known exploits, or should we consider
> it a lost cause and put all of our effort into migrating to the
> new platform?
I know that 2 years ago a secondary-DNS server in Golden was
hacked. The box was running RH6 with an old SSH. The hack was
thgough SSH. IIRC there was some weakness in version 1 of the
protocol and the RH6 sshd only supported version 1.
The latest version for ssh I know of is 3.7.1p2. I always disable
version 1 support from sshd even for internal networks.
You should also update SSL as some DOS vulnerabilities have
been recently found. Fixed versions are openssl-0.9.7d and a
0.9.6m.
More information about the LUG
mailing list