From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:007 - openssh channel code bug
Date: Thu, 7 Mar 2002 19:55:13 +0000 (GMT)

=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: openssh
Summary: "Off by one" channel code bug; root exploit
Date:    2002-03-07
ID:      ERISA-2002:007
=========================================================================

Problem description:

A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2.

Users with an existing account on a machine can make use of this bug to
gain root privileges. Exploiting this bug without an existing user account
has not yet been proved but is not believed to be impossible.

A maliciously modified ssh server could also use this bug to exploit a
connecting vulnerable client.

-------------------------------------------------------------------------
Updated packages:

d1cd7d4b731e9cb9449c0e2a84d46eb9  openssh-3.0.2p1-2.src.rpm
481a2004413f7378a149e6306eb6a7a5  openssh-3.0.2p1-2.i386.rpm
9383dcd91ed52aed11430399f4f8e7c2  openssh-askpass-3.0.2p1-2.i386.rpm
dd3962d013372b9a9f9730103c203d48  openssh-askpass-gnome-3.0.2p1-2.i386.rpm
ba33a45a9908a6ebcce3f7df9d27a5f9  openssh-clients-3.0.2p1-2.i386.rpm
5707f79596d94dee0508b431e491869e  openssh-server-3.0.2p1-2.i386.rpm

-------------------------------------------------------------------------
References:

http://www.pine.nl/advisories/pine-cert-20020301.txt

=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

--
Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
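
Added example (not part of the original advisory and not Eridani's code): the fixed package keeps the upstream version 3.0.2p1 and changes only the RPM release to 2, so a check on the version alone would report a patched host as vulnerable. The sketch below classifies a version/release pair against the advisory's range; the function names and the sample inputs are hypothetical, and it assumes that releases of 3.0.2p1 below 2 are unfixed and that later releases keep the fix.

```shell
#!/bin/sh
# Classify an openssh RPM against ERISA-2002:007.
#   Affected upstream versions (from the advisory): 2.0 - 3.0.2
#   Fixed package (from the advisory):              openssh-3.0.2p1-2

# ver_key "3.0.2p1" -> 3000002. Drops the portable "pN" suffix and packs
# major.minor.patch into one integer so versions compare numerically.
ver_key() {
    printf '%s\n' "$1" | awk -F. '{
        sub(/p[0-9]+$/, "")            # modifies $0 and re-splits the fields
        printf "%d\n", $1 * 1000000 + $2 * 1000 + $3
    }'
}

# erisa_2002_007_status VERSION RELEASE
# Prints one of: outside-range | fixed | vulnerable
erisa_2002_007_status() {
    version=$1
    rel=${2%%[!0-9]*}                  # leading digits of the RPM release
    rel=${rel:-0}
    key=$(ver_key "$version")

    if [ "$key" -lt 2000000 ] || [ "$key" -gt 3000002 ]; then
        echo "outside-range"           # not in the range the advisory lists
    elif [ "$version" = "3.0.2p1" ] && [ "$rel" -ge 2 ]; then
        # Assumption: release 2 and any later rebuild carry the fix.
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# On an RPM-based host the two arguments can come from:
#   rpm -q --qf '%{VERSION} %{RELEASE}\n' openssh

# Constructed sample inputs ("version release"), not taken from a real host.
for sample in "2.9p2 1" "3.0.2p1 1" "3.0.2p1 2" "3.1p1 1"; do
    set -- $sample
    printf '%-9s %-3s %s\n' "$1" "$2" "$(erisa_2002_007_status "$1" "$2")"
done
```

The result applies only to packages numbered the way this advisory numbers them; other distributions backport fixes under different release numbers.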