[luau] Local Root Hole in OpenSSH

Ralph Miranda dragonhawk007 at hotmail.com
Fri Mar 8 09:31:44 PST 2002


Will this be a problem with FreeBSD?

Ralph


----Original Message Follows----
From: Steve Anderson <andersons001 at hawaii.rr.com>
Reply-To: luau at videl.ics.hawaii.edu
To: luau at videl.ics.hawaii.edu
Subject: Re: [luau] Local Root Hole in OpenSSH
Date: Fri, 8 Mar 2002 05:55:08 -1000

Yeah, I think it applies to all OpenSSH prior to 3.1. I was able to upgrade
our RedHat 7.1 and Solaris machines with the portable 3.1 source. But the
same source fails on RedHat 6.2. Our OpenBSD 2.8 machine also failed during
the build process for the regular OpenSSH. I found others with the same
problems on Google, and the patch for OpenBSD 2.8 was supposed to have been
fixed. But the updated 2.8 patch had not made it to the download sites yet,
so I turned off SSH on the 2.8 machine. I also turned off SSH on the Red Hat
6.2 machines, and will wait to see what Red Hat comes out with. If anyone is
still running Red Hat 6.2 and gets OpenSSH 3.1p to build on 6.2, please let
me know.

Steve Anderson

On Thursday 07 March 2002 12:11 pm, you wrote:
 > Someone found a hole in OpenSSH.
 >
 > Info at: http://www.pine.nl/advisories/pine-cert-20020301.html
 >
 > Everyone should probably upgrade their OpenSSHs about now.  I'm guessing
 > that OpenBSD is also vulnerable (doesn't say only the portable versions).
 >
 > --MonMotha
 >
 > _______________________________________________
 > LUAU mailing list
 > LUAU at videl.ics.hawaii.edu
 > http://videl.ics.hawaii.edu/mailman/listinfo/luau
_______________________________________________
LUAU mailing list
LUAU at videl.ics.hawaii.edu
http://videl.ics.hawaii.edu/mailman/listinfo/luau




_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com




More information about the LUAU mailing list