[lug] ssh hole
Andrew Gilmore
agilmore at uc.usbr.gov
Tue Sep 16 12:01:50 MDT 2003
Since I've got only the one Solaris machine open via ssh, I'm building
an openssh solaris package (grr, when will they move to rpm?)
I've already got it patched. I saw the /. comment early, and grabbed a
full tarball of 3.7p1. :)
SSH is such a critical piece of infrastructure.
Andrew
On Tue, 2003-09-16 at 11:53, Richard Fifarek wrote:
> openssh.com updated their within the last hour, annoucing the
> release of 3.7. The draft of the advisory is here:
>
> http://www.openssh.com/txt/buffer.adv
>
> On 16 Sep 2003, Andrew Gilmore wrote:
>
> > Looks like ssh may be the target of another remote exploit. Sounds like
> > it is time to patch and reinstall.
> >
> > The OpenBSD crowd make it sound like OpenBSD may not be vunerable, but
> > there are reports of exploits in the wild for other systems, including
> > Linux and Solaris.
> >
> > See http://slashdot.org/article.pl?sid=03/09/16/1327248
> >
> >
> >
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> >
More information about the LUG
mailing list