[luau] Local Root Hole in OpenSSH

[Ken Malmquist]

Steve,

To compile on 6.2, you need to upgrade openssl to 0.9.6 (maybe the same 
problem on OpenBSD).  If you build openssl and do make install, it will 
install in /usr/local/ssl by default.

Then configure openssh something like:

 ./configure --with-tcp-wrappers --with-md5-passwords --with-pam-support 
--with-ssl-dir=/usr/local/ssl

It works -- I've done it.  You will need to include the pam support for your 
systems which are using pam -- if you don't, you'll have trouble logging in 
with a password.  Call me at work if you have trouble.

-Ken


On Friday 08 March 2002 05:55, Steve Anderson wrote:
> Yeah, I think it applies to all OpenSSH prior to 3.1. I was able to upgrade
> our RedHat 7.1 and Solaris machines with the portable 3.1 source. But the
> same source fails on RedHat 6.2. Our OpenBSD 2.8 machine also failed during
> the build process for the regular OpenSSH. I found others with the same
> problems on Google, and the patch for OpenBSD 2.8 was supposed to have been
> fixed. But the updated 2.8 patch had not made it to the download sites yet,
> so I turned off SSH on the 2.8 machine. I also turned off SSH on the Red
> Hat 6.2 machines, and will wait to see what Red Hat comes out with. If
> anyone is still running Red Hat 6.2 and gets OpenSSH 3.1p to build on 6.2,
> please let me know.
>
> Steve Anderson
>
> On Thursday 07 March 2002 12:11 pm, you wrote:
> > Someone found a hole in OpenSSH.
> >
> > Info at: http://www.pine.nl/advisories/pine-cert-20020301.html
> >
> > Everyone should probably upgrade their OpenSSHs about now.  I'm guessing
> > that OpenBSD is also vulnerable (doesn't say only the portable versions).
> >
> > --MonMotha
> >
> > _______________________________________________
> > LUAU mailing list
> > LUAU at videl.ics.hawaii.edu
> > http://videl.ics.hawaii.edu/mailman/listinfo/luau
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau