OpenSSH vulnerability warning
Christopher Murtagh
yellowdog-general@lists.terrasoftsolutions.com
Tue Jun 25 10:52:01 2002
Just a heads up to anyone who might not have seen it:
http://marc.theaimsgroup.com/?l=openbsd-announce&m=102497569424297&w=2
http://slashdot.org/article.pl?sid=02/06/24/1912215&mode=thread&tid=167
According to the above, if you aren't running OpenSSH 3.3, you will
probably want to upgrade ASAP and turn on UsePrivilegeSeparation. By the
sounds of it, there is a nasty exploit that will be made public soon.
Tough luck for Terra Soft, this is the second OpenSSH vulnerability that
came right *after* a new YDL release. :-( So, when's YDL 2.4 coming out.
:-)
Cheers,
Chris
--
Christopher Murtagh
Webmaster / Sysadmin
Web Communications Group
McGill University
Montreal, Quebec
Canada
Tel.: (514) 398-3122
Fax: (514) 398-2017