[luau] Local Root Hole in OpenSSH
Steve Anderson
andersons001 at hawaii.rr.com
Fri Mar 8 07:55:08 PST 2002
Yeah, I think it applies to all OpenSSH prior to 3.1. I was able to upgrade
our RedHat 7.1 and Solaris machines with the portable 3.1 source. But the
same source fails on RedHat 6.2. Our OpenBSD 2.8 machine also failed during
the build process for the regular OpenSSH. I found others with the same
problems on Google, and the patch for OpenBSD 2.8 was supposed to have been
fixed. But the updated 2.8 patch had not made it to the download sites yet,
so I turned off SSH on the 2.8 machine. I also turned off SSH on the Red Hat
6.2 machines, and will wait to see what Red Hat comes out with. If anyone is
still running Red Hat 6.2 and gets OpenSSH 3.1p to build on 6.2, please let
me know.
Steve Anderson
On Thursday 07 March 2002 12:11 pm, you wrote:
> Someone found a hole in OpenSSH.
>
> Info at: http://www.pine.nl/advisories/pine-cert-20020301.html
>
> Everyone should probably upgrade their OpenSSHs about now. I'm guessing
> that OpenBSD is also vulnerable (doesn't say only the portable versions).
>
> --MonMotha
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
More information about the LUAU
mailing list