Received the following email from my hosting provider but I can't seem
to find any details on this zero day exploit anywhere on the web.
There's some brief mention of some sites being exploited running SSH
on Solaris but nobody really knows if it's truly a zero day exploit
for SSH or some other vulnerability being exploited. Does anybody know
anything about this??
"Good afternoon folks,
As of a few moments ago I was notified that there's a new SSH 0day
exploit floating around the web and is actively being used to exploit
providers. Until further notice SSH access is being disabled on 100%
of our shared and managed dedicated servers. We will update you via
email when the restriction is lifted. My apologies for any
inconvenience but as always: Security comes first before convenience.
To our lay clients who may not comprehend what SSH is -- even better,
don't worry we've got everything under control and you won't miss a
thing. Your service will continue to function as normal.
A special note to those dedicated clients who don't have fully managed
packages: I'd highly recommend turning down SSH access immediately.
We'll be arriving on-site later this afternoon to cleanup any issues
caused by this."
Thanks.
to find any details on this zero day exploit anywhere on the web.
There's some brief mention of some sites being exploited running SSH
on Solaris but nobody really knows if it's truly a zero day exploit
for SSH or some other vulnerability being exploited. Does anybody know
anything about this??
"Good afternoon folks,
As of a few moments ago I was notified that there's a new SSH 0day
exploit floating around the web and is actively being used to exploit
providers. Until further notice SSH access is being disabled on 100%
of our shared and managed dedicated servers. We will update you via
email when the restriction is lifted. My apologies for any
inconvenience but as always: Security comes first before convenience.
To our lay clients who may not comprehend what SSH is -- even better,
don't worry we've got everything under control and you won't miss a
thing. Your service will continue to function as normal.
A special note to those dedicated clients who don't have fully managed
packages: I'd highly recommend turning down SSH access immediately.
We'll be arriving on-site later this afternoon to cleanup any issues
caused by this."
Thanks.