View previous topic :: View next topic |
Author |
Message |
Target Apprentice
Joined: 25 Apr 2002 Posts: 200
|
Posted: Tue Apr 30, 2002 8:04 am Post subject: OpenSSH root exploit |
|
|
A vulnerablility with Kerberos and AFS was found in OpenSSH, which afaik is enabled by default in Gentoo:
http://linux.oreillynet.com/pub/a/linux/2002/04/29/insecurities.html#openssh
The version in portage is 3.1_pr1-r2, which appears to be locally vulnerable. Does this apply to us? If so, we could probably use a new ebuild ASAP. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Tue Apr 30, 2002 8:21 am Post subject: |
|
|
How does one determine if this affects them? I have no use for openssh, so I'd just prefer to not have it running.
EDIT: Found this http://www.gentoo.org/news/20020307-nvidia.html
Seems like I've noticed that before, so it may have been fixed for a while now. |
|
Back to top |
|
|
Target Apprentice
Joined: 25 Apr 2002 Posts: 200
|
Posted: Tue Apr 30, 2002 8:27 am Post subject: |
|
|
That's a relief, then. They must have simply installed the patch. |
|
Back to top |
|
|
|