Date: Wed, 5 Dec 2001 00:18:38 -0500 From: Dave Dunaway <bela@nivek.org> To: Henry smith <getzz11@yahoo.com> Cc: questions@freebsd.org Subject: Re: upgrade SSHD? Message-ID: <20011205001838.A69015@nivek.org> In-Reply-To: <20011205010035.11722.qmail@web21107.mail.yahoo.com>; from getzz11@yahoo.com on Tue, Dec 04, 2001 at 05:00:35PM -0800 References: <20011205010035.11722.qmail@web21107.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
From the release notes of openssh 3.0.2....
This release fixes a vulnerability in the UseLogin option
of OpenSSH. This option is not enabled in the default
installation of OpenSSH.
However, if UseLogin is enabled by the administrator, all
versions of OpenSSH prior to 3.0.2 may be vulnerable to
local attacks.
The vulnerability allows local users to pass environment
variables (e.g. LD_PRELOAD) to the login process. The login
process is run with the same privilege as sshd (usually
with root privilege).
Let's all eat some cheese.
On Tue, Dec 04, 2001 at 05:00:35PM -0800, Henry smith wrote:
> Right now, I'm using OpenSSH_3.0.1. Do I need to
> upgrade to 3.0.2 ?
>
>
> __________________________________________________
> Do You Yahoo!?
> Buy the perfect holiday gifts at Yahoo! Shopping.
> http://shopping.yahoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
--
Dave.
bela@nivek.org
Head Trauma Victim
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011205001838.A69015>