Brightbox
  • Home
  • Pricing & Signup
  • Why Brightbox?
  • FAQs
  • Services
  • Blog
  • Wiki
  • Forums
  • Support
  • About
  • Contact
Blog RSS feed
POSTED BY

John Leach

john@brightbox.co.uk

twitter_banner

Recent Posts

  • Ruby Manor
  • Rails CSRF Security Vulnerability
  • Beta testers required to trial new Content Delivery Network (CDN) service
  • New Office
  • Brightbox Forums Launched

Ubuntu Openssh vulnerability 14 May 08

A vulnerability in some versions of Openssh on Debian and Ubuntu Linux was announced yesterday which can result in attackers gaining ssh access to machines with weak keys.  Any versions of Openssh that can produce these weak keys needs to be upgraded, and any weak keys in use need to be regenerated.

One of our admin keys, used for accessing customer machines for support, was generated on a vulnerable version of Ubuntu.  This key is installed on Brightboxes by default though is limited to access from the private network only, mitigating the risk somewhat.

We’ve generated a new key and have now installed it on all affected Brightboxes and removed the weak one (you may have noticed some ssh connections from the private network to your box this morning as the user bbox-admin).

The Brightbox distribution is based on Ubuntu Dapper, which is not directly vulnerable to this bug, but if you are using an ssh key generated on one of the vulnerable versions then your Brightbox might be at risk.  If you use any of the vulnerable versions of Ubuntu yourself then please follow the instructions in the Ubuntu security notice.

Posted 14 May 2008 by John Leach

security+ ubuntu

1 Comment

  1. 6 months ago LornaJane said:

    Ah, thanks for the reminder! I run ubuntu on my server and need to do this.

Post your comment


Recent blog posts

  • Ruby Manor
    about 16 hours ago
  • Rails CSRF Security Vulnerability
    1 day ago
  • Beta testers required to trial new Content Delivery Network (CDN) service
    15 days ago
  • New Office
    18 days ago
  • Brightbox Forums Launched
    20 days ago
  • New: order upgrades via Control Panel
    22 days ago

Join our email list

Flickr (more...)

RSS feeds

Blog feed

Flickr feed

Recent Wiki updates

System Status feed




Brightbox Partners and Vendors

Wiki | Forums | Terms & Conditions | Privacy | Site map

Copyright © 2008 Brightbox Systems Ltd. All rights reserved