Bugtraq mailing list archives

SSH deja vu


From: Max Parke <mhp () lightlink com>
Date: Tue, 23 Oct 2001 13:17:21 -0400 (EDT)


Sorry if this is already a known issue.

When the vulnerabilities in ssh-1.xx were publicised, we upgraded to 
ssh-2.xx on our machines.  The process for ssh version 2.xx does NOT
erase sshd1 from /usr/local/sbin, and if an incoming client is still
running the old ssh version 1, sshd2 will hand off control to 
/usr/local/sbin/sshd1 (of course, this can be disabled).

It appears that if your old sshd from version 1 was vulnerable before
installing ssh version 2, YOU ARE STILL VULNERABLE.  We have
information that this problem is currently being actively exploited,
and scans for vulnerable machines are being conducted.

Messages such as the following (note: sshd, not sshd2) indicate that a
scan may be in progress:

sshd[6169]: fatal: Local: Corrupted check bytes on input.
sshd[6253]: fatal: Local: crc32 compensation attack: network attack detected
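
Added example, not part of the original post: a small Python filter that picks the two messages quoted above out of syslog lines and counts them only when the logging process is sshd rather than sshd2. The timestamp and host prefix, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# The two messages quoted in the post as signs of a scan.
SCAN_MESSAGES = (
    "Corrupted check bytes on input",
    "crc32 compensation attack",
)

# Syslog tag "name[pid]: message"; any timestamp/host prefix is skipped.
TAG_RE = re.compile(
    r"(?:^|\s)(?P<proc>[A-Za-z0-9_.-]+)\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$"
)

def find_sshd1_scan_hits(lines):
    """Return (pid, message) pairs logged by sshd (the version 1 daemon)."""
    hits = []
    for line in lines:
        m = TAG_RE.search(line.rstrip("\n"))
        if not m or m.group("proc") != "sshd":
            continue  # sshd2 and unrelated daemons are not the concern here
        for needle in SCAN_MESSAGES:
            if needle in m.group("msg"):
                hits.append((int(m.group("pid")), needle))
                break
    return hits

def summarize(hits):
    """Count hits per message so a burst of probes stands out."""
    return dict(Counter(msg for _pid, msg in hits))

# Constructed sample input: the post's two messages with an invented syslog
# prefix, plus invented lines that must not match.
SAMPLE = [
    "Oct 23 12:58:01 host1 sshd[6169]: fatal: Local: Corrupted check bytes on input.",
    "Oct 23 12:58:04 host1 sshd[6253]: fatal: Local: crc32 compensation attack: network attack detected",
    "Oct 23 12:58:09 host1 sshd2[7001]: crc32 compensation attack (constructed line)",
    "Oct 23 12:59:00 host1 cron[7050]: (root) CMD (constructed line)",
    "sshd[6301]: constructed line with no scan indicator",
]

if __name__ == "__main__":
    found = find_sshd1_scan_hits(SAMPLE)
    for pid, msg in found:
        print(f"sshd1 pid {pid}: {msg}")
    print(summarize(found))
```

Any hit means the version 1 daemon is still being reached, either directly or through the sshd2 hand-off the post describes.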

