On Tuesday 07 July 2009, Ray Van Dolson wrote:
On Tue, Jul 07, 2009 at 10:31:36PM +0200, Geoff Galitz wrote:
is there a security issue on CentOS 5.3 with openssh 4.3?
If this is a real zero-day exploit.. then yes, there is an issue. The following link may be the best source of information at the moment:
http://isc.sans.org/diary.html?storyid=6742
FWIW, I think the second comment about RHEL/Centos in the referenced post is a little off-base. After all, you have to know that a bug exists before you can fix it.
This link[1] seems to show a RHEL 5.3 machine being exploited (could be wrong though).
The only thing indicating that this is RHEL-5.3 is, afaict, the title. The kernel version is not EL, the mysql version is not etc.
Worth keeping an eye on though.
/Peter