trinux-talk

[Trinux-talk] Dropbear SSH Server <= 0.34 Vulnerability

[Matthew F. <mf...@ci...>]

The current package uses 0.33 and *is* vulnerable (haven't tested it
though). I' working on building the new package, but having some issues
getting 0.35 to work. So if you have any *net facing boxes running Dropbear
might want to use iptables to do some filtering.

- mdf

Re: [Trinux-talk] Dropbear SSH Server <= 0.34 Vulnerability

[MP <gr...@tu...>]

Until you get 0.35 working (unless you have already??) can you compile
0.33 with the "fix" mentioned at:
http://www.securiteam.com/unixfocus/5VP0E2AAUS.html  (or maybe even just
compile a version with syslog disabled).  Thats of course if that fix
applies to 0.33.

M.
>
> The current package uses 0.33 and *is* vulnerable (haven't tested it
> though). I' working on building the new package, but having some issues
> getting 0.35 to work. So if you have any *net facing boxes running
> Dropbear might want to use iptables to do some filtering.
>
> - mdf