OpenSSH

Jesse Tie-Ten-Quee highos at linuxfromscratch.org
Wed Jun 26 12:59:17 PDT 2002


Yo,

On Wed, Jun 26, 2002 at 01:39:11PM +0200, Ronald Hummelink wrote:
> You "have" to opt for disabling compression then. Without using
> priviledge seperation OpenSSH 3.3 is as vulnerable to the remote root
> hole as it didn't fix it yet. OpenSSH 3.3 improved the privsep code so
> it actually works acceptably on something else then open/netbsd.
> using privsep works around the roothole. A real fix should be released
> in the form of 3.4 along with the sploit next week, if i understand all
> rumours well ;)

Yeah, I know and that's what I had initally done and used.  Untill about
two hours later when sshd refused to accept new connections (while the
old sessions were still running fine), so I reverted to the old method
untill this morning when I upgraded to 3.4p1.

Still a little too buggy imho ;)

-- 
Jesse Tie-Ten-Quee  ( highos at linuxfromscratch dot org )
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list