OpenSSH exploit affects Mac OS X users

alpanther · September 17, 2003 3:38AM

Don't get too worked up it's disabled by default; but if you have a version prior to 3.7 and have it enabled you may want to upgrade.

From MacNN

SecurityFocus BUGTRAQ

wjmoore · September 17, 2003 8:03AM

Quote:

Originally posted by AlPanther

Don't get too worked up it's disabled by default; but if you have a version prior to 3.7 and have it enabled you may want to upgrade.

From MacNN

SecurityFocus BUGTRAQ

Or disable it until Apple releases an update.

kickaha · September 17, 2003 11:09AM

Or nail it down to trusted IPs with the Firewall, like I did.

Port 22 is ssh, allow only traffic from IPs that you know you're going to be using.

I figure if they are that concerned with hacking my piddly home box that they take the trouble to snoop my connections, learn the IPs I'm using, spoof them, then crack ssh... let 'em. I'm not that concerned.

xool · September 18, 2003 2:18PM

Come on Apple... where's my Security Update?

chealion · September 18, 2003 2:38PM

I'm not at home, so I can't check, but didn't Fink have the latest version, 3.7.1 or something which isn't affected?

wjmoore · September 18, 2003 8:04PM

Quote:

Originally posted by Xool

Come on Apple... where's my Security Update?

They usually take a week (if they're quick) to fix things like this.

xool · September 20, 2003 11:09PM

You think this security update will just be included in 10.2.8?

eugene · September 21, 2003 2:35AM

Quote:

Originally posted by Xool

You think this security update will just be included in 10.2.8?

What about 10.1.x users? IMO, security updates should be offered in elemental form.

xool · September 23, 2003 5:20AM

Quote:

Originally posted by Eugene

What about 10.1.x users? IMO, security updates should be offered in elemental form.

Lol. And they fix it for 10.2.8, but not for my G5! Doh!

addison · September 23, 2003 7:29AM

I have noticed that whilst somethings take ages to fix Apple is really hot on security issues. I commend their speed, it really puts MS to shame.

wjmoore · September 23, 2003 7:51AM

Quote:

Originally posted by WJMoore

They usually take a week (if they're quick) to fix things like this.

6 days, not far off eh!

gabid · September 23, 2003 10:51AM

Quote:

Originally posted by Xool

Lol. And they fix it for 10.2.8, but not for my G5! Doh!

I'll second that sentiment. Right there with you waiting for a G5 update...

willywalloo · September 25, 2003 7:22PM

10.2.8 doesn't look like it's made for the 64-bit support...that would be the major reason. 10.2.7 is the first version that does.

Panther 10.3 (7b53) works great on the G5, and there is even a speed increase when going from 10.2.7 to Panther !

xool · September 25, 2003 10:43PM

Nobody is commenting much on the latest Panther builds. We all know it should be FC x status soon. I'm just waiting to download the GM from ADC and slap it on all sorts of good stuff -- G5 especially.

xool · September 27, 2003 5:51PM

Back on topic....

Still no SSH patch for my G5. In fact, now that 10.2.8 has been pulled, there's no fix for my other boxes either.

xool · September 30, 2003 5:27PM

Still waiting. Although I heard that 10.2.8 was rereleased. Not showing up on my Ti and I even when it does, I doubt it will help my G5. Grrr....

OpenSSH exploit affects Mac OS X users

Comments