List Archive: gentoo-announce
Headers:
To: gentoo-announce@g.o
From: Ferry Meyndert <m0rpheus@g.o>
Subject: [GLSA] Updated openssh version 3.1 that fixes off-by-one error that can cause a local root vulnerability
Date: Thu, 7 Mar 2002 18:29:24 +0100
--------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
--------------------------------------------------------------------------

PACKAGE        :openssh
SUMMARY        :vulnerable to an off-by-one error in the channel code
DATE           :2002-04-7 18:02:00

--------------------------------------------------------------------------

OVERVIEW

 
 A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2.
 Users with an existing user account can abuse this bug to
 gain root privileges. Exploitability without an existing
 user account has not been proven but is not considered
 impossible. A malicious ssh server could also use this bug 
 to exploit a connecting vulnerable client.


DETAIL

 http://www.pine.nl/advisories/pine-cert-20020301.txt


SOLUTION

 
 It is recommended that all openssh users apply the update.

 Portage Auto:

 emerge rsync
 emerge update
 emerge update --world


 Portage by hand:

 emerge rsync
 emerge net-misc/openssh

 Manually:

 Download the new openssh package here and follow the instructions in the file:
 ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.1p1.tar.gz

--------------------------------------------------------------------------
Ferry Meyndert
m0rpheus@g.o
--------------------------------------------------------------------------





Attachment:
pgprvyrXuGYHK.pgp (PGP signature)
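
A version check for the affected range named in the OVERVIEW, as an added example that is not part of the original announcement. The function names and the sample banners are constructed for illustration, and the range 2.0 through 3.0.2 is treated as inclusive.

```shell
#!/bin/sh
# Added example: classify an OpenSSH version banner against the range this
# advisory lists as affected (2.0 - 3.0.2, assumed inclusive).
# Banner comparison only: a package carrying a backported fix under an old
# version number would still be reported as affected.

# Print the dotted numeric version that follows "OpenSSH_" (the portable
# "p1" suffix is dropped); print nothing if the banner is not OpenSSH.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' |
        head -n 1
}

# Compare two dotted versions numerically; prints -1, 0 or 1.
# Missing components count as 0, so "3.1" sorts above "3.0.2".
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) { print -1; exit }
            if (p > q) { print 1; exit }
        }
        print 0
    }'
}

# Print "affected", "not-affected" or "unknown" for a banner string.
openssh_status() {
    v=$(openssh_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if [ "$(ver_cmp "$v" 2.0)" -ge 0 ] && [ "$(ver_cmp "$v" 3.0.2)" -le 0 ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Constructed sample banners in the style printed by `ssh -V`.
for banner in \
    "OpenSSH_3.0.2p1, SSH protocols 1.5/2.0" \
    "OpenSSH_2.9.9p2" \
    "OpenSSH_3.1p1"
do
    printf '%-45s %s\n' "$banner" "$(openssh_status "$banner")"
done
```

To check a live host, pass the client banner in with `openssh_status "$(ssh -V 2>&1)"`.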


Updated Jun 17, 2009
