[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] ssh remote root exploit :-(

Subject: [ale] ssh remote root exploit :-(
From: dbron at roman.net (David Bronson)
Date: Tue, 25 Jun 2002 13:20:13 -0400

Hi Dow,

FWIW, I am convinced of the authenticity.

I think privatesep is only supported in 3.3.

#debian on openprojects is a good source for Debian information. Woody
and Potato now have *ick* patches. Unfortunately, the patches really
don't fix the issue; they just supposedly limit the impact.

I don't follow other distros closely so I can't be much help there.

DB

-----Original Message-----
From: Dow Hurst [mailto:dhurst at kennesaw.edu] 
To: ale at ale.org
Sent: Tuesday, June 25, 2002 12:45 PM
To: dbron at roman.net; ale at ale.org
Subject: Re: [ale] ssh remote root exploit :-(

This is a big deal if true.  How do I check out if privsep is possible 
on my installation?  This bug should hit Bugtraq very soon, right?
Dow

David Bronson wrote:

>http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102495293705094&q=ra
w
>
>---
>This message has been sent through the ALE general discussion list.
>See http://www.ale.org/mailing-lists.shtml for more info. Problems
should be 
>sent to listmaster at ale dot org.
>
>
>  
>

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems
should be 
sent to listmaster at ale dot org.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

Prev by Date: [ale] ssh remote root exploit :-(
Next by Date: [ale] ssh remote root exploit :-(
Previous by thread: [ale] ssh remote root exploit :-(
Next by thread: [ale] ssh remote root exploit :-(
Index(es):
- Date
- Thread