[ale] ssh remote root exploit :-(
James P. Kinney III
jkinney at localnetsolutions.com
Tue Jun 25 13:35:09 EDT 2002
I had "issues" with the binary rpm's below. I had upgraded a few days
before the exploit warning appeared. The ssh-server rpm installed OK,
but would not accept connections. It may be due to not installing the
new sshd.config as I already had a modified one.
The version I built from src.rpm installed and ran like a top even with
the unchanged config. But I changed it to include the privsep option.
As I learn more and more, I am moving more towards building all my own
rpms for installation. It's a great excuse to keep adding hard drives :)
On Tue, 2002-06-25 at 13:22, Stuffed Crust wrote:
> On Tue, Jun 25, 2002 at 12:45:14PM -0400, Dow Hurst wrote:
> > This is a big deal if true. How do I check out if privsep is possible
> > on my installation? This bug should hit Bugtraq very soon, right?
>
> If anyone's interested in OpenSSH 3.3 packages for RedHat 6.2 or 7.x:
>
> ftp://ftp.shaftnet.org/pub/rpms/redhat-6.2/i386/openssh*
>
> or
>
> ftp://ftp.shaftnet.org/pub/rpms/redhat-7.x/i386/openssh*
>
> The 7.x packages are taken from an openssh mirror, but the 6.x packages
> were compiled from the srpm.
>
> - Pizza
> --
> Solomon Peachy
> I ain't broke, but I'm badly bent. ICQ# 1318344
> Patience comes to those who wait.
> ...It's not "Beanbag Love", it's a "Transanimate Relationship"...
--
James P. Kinney III \Changing the mobile computing world/
President and CEO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list