[ale] ssh remote root exploit :-(
John Mills
jmmills at telocity.com
Tue Jun 25 16:29:42 EDT 2002
On Tue, 25 Jun 2002, Stuffed Crust wrote:
> On Tue, Jun 25, 2002 at 12:45:14PM -0400, Dow Hurst wrote:
> > This is a big deal if true. How do I check out if privsep is possible
> > on my installation? This bug should hit Bugtraq very soon, right?
>
> If anyone's interested in OpenSSH 3.3 packages for RedHat 6.2 or 7.x:
>
> ftp://ftp.shaftnet.org/pub/rpms/redhat-6.2/i386/openssh*
> The 7.x packages are taken from an openssh mirror, but the 6.x packages
> were compiled from the srpm.
Thanks. I was in the usual RPM hall-of-mirrors on building from the SRPM -
needed 'db1-*' and I couldn't find it.
I built from openssh sources, but may plug in the RPM since you kindly
provided it.
I still don't have a good connection with '--with-privsep-user=nobody' and
'UsePrivilegeSeparation yes'
TIA for help on that.
- John Mills
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list