Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
OpenSSH root exploit
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Target
Apprentice
Apprentice


Joined: 25 Apr 2002
Posts: 200

PostPosted: Tue Apr 30, 2002 8:04 am    Post subject: OpenSSH root exploit Reply with quote

A vulnerablility with Kerberos and AFS was found in OpenSSH, which afaik is enabled by default in Gentoo:

http://linux.oreillynet.com/pub/a/linux/2002/04/29/insecurities.html#openssh

The version in portage is 3.1_pr1-r2, which appears to be locally vulnerable. Does this apply to us? If so, we could probably use a new ebuild ASAP.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 16113
Location: Colorado

PostPosted: Tue Apr 30, 2002 8:21 am    Post subject: Reply with quote

How does one determine if this affects them? I have no use for openssh, so I'd just prefer to not have it running.

EDIT: Found this http://www.gentoo.org/news/20020307-nvidia.html
Seems like I've noticed that before, so it may have been fixed for a while now.
Back to top
View user's profile Send private message
Target
Apprentice
Apprentice


Joined: 25 Apr 2002
Posts: 200

PostPosted: Tue Apr 30, 2002 8:27 am    Post subject: Reply with quote

That's a relief, then. They must have simply installed the patch.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum