Thanks for the heads up. I also want to caution other Debian users to
check their /var/log/auth.log to see if their machine has been
compromised.
raju
On Thu, May 15, 2008 at 5:10 PM, Hurf Sheldon wrote:
Forwarded to cslug-l from netadmin-l
h
--------
A recently released security announcement affects Debian and Debian-derived
systems (Ubuntu, Knoppix, etc). The primary risk posed by this vulnerability
is to SSH host keys, though SSL and OpenVPN keys are also at risk.
We have seen a significant increase in scanning for vulnerable systems, and
several exploits are now publicly available.
Anyone running Debian or one of its derivatives is urged to patch and
regenerate SSH/SSL/VPN keys as necessary. For more information:
<http://www.debian.org/security/2008/dsa-1576>
Starting tomorrow (Friday, 16 May) we will be scanning campus for vulnerable
SSH instances. This scanning takes the form of a single SSH connection from
either secutil1.cit.cornell.edu or secutil2.cit.cornell.edu. This will
allow us to compare the signature of the host key in use to a published list
of weak keys. Where applicable, netadmins will be notified of vulnerable
systems.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reply-to:
Network Operations Center
Cornell University
Ithaca, NY 14853
607-255-9900
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
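
The comparison the announcement describes (a host key's fingerprint checked against a published list of weak keys) can also be run locally over your own public key files. This is an added example, not part of the original messages: the key lines and the weak list are constructed stand-ins, the function names are hypothetical, and the fingerprint is the colon-separated MD5 form OpenSSH printed in 2008.

```python
import base64
import binascii
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def ssh_string(data):
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_line(key_type, fields, comment):
    """Build a constructed public key line (toy values, not a usable key)."""
    blob = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def fingerprint(line):
    """Return the colon-separated MD5 fingerprint of one public key line."""
    parts = line.split()
    # Accept "type base64 [comment]" and known_hosts style "host type base64".
    idx = next((i for i, p in enumerate(parts[:2]) if p in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(parts):
        raise ValueError("no supported key type found")
    try:
        blob = base64.b64decode(parts[idx + 1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64") from exc
    # The blob begins with its own type string; it must match the declared type.
    if not blob.startswith(ssh_string(parts[idx].encode())):
        raise ValueError("declared type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def audit(lines, weak):
    """Map each key line to 'WEAK', 'ok' or 'unparsed: <reason>'."""
    report = {}
    for line in (raw.strip() for raw in lines):
        if not line or line.startswith("#"):
            continue
        try:
            report[line] = "WEAK" if fingerprint(line) in weak else "ok"
        except ValueError as exc:
            report[line] = f"unparsed: {exc}"
    return report

# Constructed sample data: toy exponent/modulus bytes, not real keys.
HOST_A = make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00\xc3" + b"\x11" * 31], "host-a")
HOST_B = make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00\xd5" + b"\x22" * 31], "host-b")
WEAK_LIST = {fingerprint(HOST_A)}  # stands in for the published weak-key list
```

In practice the lines would come from files such as /etc/ssh/ssh_host_rsa_key.pub and the weak set from the published list; any key reported as WEAK needs to be regenerated after patching.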