SSH buffer management problem

Konstantin Riabitsev yellowdog-general@lists.terrasoftsolutions.com
Tue Sep 16 11:41:01 2003



On Tue, 2003-09-16 at 12:10, Christopher TESSONE wrote:
> Just a heads-up, since most of us are probably running the OpenSSH
> 3.5p1 that shipped with YDL 3.0: OpenSSH has a buffer management error
> which may or may not allow someone to get root on your machine.
> Here's the announcement for OpenSSH 3.7, which fixes the error:

Well, it should also be noted that YDL is a little less vulnerable to
skript kiddi3 attacks, as memory buffer allocations are completely
different on PPC than on x86. This doesn't solve the problem, of course,
but you are less likely to be targeted as a result.

If you are running x86, now is the time to hit "yum -y update"
repeatedly every 5 minutes. :)

Regards,
--
Konstantin ("Icon") Riabitsev
Duke University Physics Sysadmin
