[luau] openssh vulnerability
Vince Hoang
luau at ml.altern8.net
Tue Sep 23 08:23:00 PDT 2003
On Thu, Sep 18, 2003 at 06:29:32AM -1000, Deven Phillips wrote:
> Thanks to quick action from our team at HCC, I am proud to say
> that we had all of our systems patched as of 4PM yesterday
> afternoon. Not bad for having to upgrade, patch, and test
> 30+ productions machines without any serious interuptions to
> service.
Can you be done by 3pm today? :/
http://www.openssh.com/txt/sshpam.adv
Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple
vulnerabilities in the new PAM code. At least one of these bugs
is remotely exploitable (under a non-standard configuration,
with privsep disabled).
The OpenBSD releases of OpenSSH do not contain this code and
are not vulnerable. Older versions of portable OpenSSH are not
vulnerable.
-Vince
More information about the LUAU
mailing list