Re: Firewall your ssh status port

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


I think I still owe you the details on this one:

All GnuGk versions prior to 4.4 can be crashed by remotely opening and
closing multiple ssh connections to the status port (even without
having the ssh credentials). As far as I can tell, this "only" results
in a denial of service and no remote code execution is possible.

So, if you use ssh on the status port, please make sure to update to
GnuGk to 4.4.


Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan@xxxxxxxxxxxxxx

Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584

Jan Willamowius wrote:
> Hi,
> users who have enabled ssh on the status port should block access to
> the status port in their firewall or upgrade to the CVS version as soon
> as possible.
> More details later.
> Regards,
> Jan

Check out the vibrant tech community on one of the world's most
engaging tech sites,!

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux