[luau] Local Root Hole in OpenSSH

Steve Anderson andersons001 at hawaii.rr.com
Fri Mar 8 08:49:33 PST 2002 

I believe that you don't have to use PAM. I think you can require PAM in 
sshd.conf. So it should follow that sshd could run on 6.2 without PAM, if PAM 
is not set to required. I have not built a binary with static libraries. Is 
there info on the web about how to go about it in general? I also need to use 
tcpd wrappers.
Steve

On Thursday 07 March 2002 06:17 pm, you wrote:
> Does redhat 6.2 use PAM?  If it doesn't I can statically link you a copy
> that should run no matter what.
>
> --MonMotha
>
> Steve Anderson wrote:
> > Yeah, I think it applies to all OpenSSH prior to 3.1. I was able to
> > upgrade our RedHat 7.1 and Solaris machines with the portable 3.1 source.
> > But the same source fails on RedHat 6.2. Our OpenBSD 2.8 machine also
> > failed during the build process for the regular OpenSSH. I found others
> > with the same problems on Google, and the patch for OpenBSD 2.8 was
> > supposed to have been fixed. But the updated 2.8 patch had not made it to
> > the download sites yet, so I turned off SSH on the 2.8 machine. I also
> > turned off SSH on the Red Hat 6.2 machines, and will wait to see what Red
> > Hat comes out with. If anyone is still running Red Hat 6.2 and gets
> > OpenSSH 3.1p to build on 6.2, please let me know.
> >
> > Steve Anderson
> >
> > On Thursday 07 March 2002 12:11 pm, you wrote:
> >>Someone found a hole in OpenSSH.
> >>
> >>Info at: http://www.pine.nl/advisories/pine-cert-20020301.html
> >>
> >>Everyone should probably upgrade their OpenSSHs about now.  I'm guessing
> >>that OpenBSD is also vulnerable (doesn't say only the portable versions).
> >>
> >>--MonMotha
> >>
> >>_______________________________________________
> >>LUAU mailing list
> >>LUAU at videl.ics.hawaii.edu
> >>http://videl.ics.hawaii.edu/mailman/listinfo/luau
> >
> > _______________________________________________
> > LUAU mailing list
> > LUAU at videl.ics.hawaii.edu
> > http://videl.ics.hawaii.edu/mailman/listinfo/luau
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau

More information about the LUAU mailing list