From owner-freebsd-questions Tue Dec 4 21:14:30 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from nivek.org (CPE0080C6F9B86B.cpe.net.cable.rogers.com [24.102.94.119]) by hub.freebsd.org (Postfix) with ESMTP id AF27E37B416 for ; Tue, 4 Dec 2001 21:14:27 -0800 (PST)
Received: by nivek.org (Postfix, from userid 10001) id 4309829A; Wed, 5 Dec 2001 00:18:38 -0500 (EST)
Date: Wed, 5 Dec 2001 00:18:38 -0500
From: Dave Dunaway
To: Henry smith
Cc: questions@freebsd.org
Subject: Re: upgrade SSHD?
Message-ID: <20011205001838.A69015@nivek.org>
References: <20011205010035.11722.qmail@web21107.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205010035.11722.qmail@web21107.mail.yahoo.com>; from getzz11@yahoo.com on Tue, Dec 04, 2001 at 05:00:35PM -0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

From the release notes of openssh 3.0.2....

This release fixes a vulnerability in the UseLogin option of OpenSSH. This option is not enabled in the default installation of OpenSSH. However, if UseLogin is enabled by the administrator, all versions of OpenSSH prior to 3.0.2 may be vulnerable to local attacks. The vulnerability allows local users to pass environment variables (e.g. LD_PRELOAD) to the login process. The login process is run with the same privilege as sshd (usually with root privilege).

Let's all eat some cheese.

On Tue, Dec 04, 2001 at 05:00:35PM -0800, Henry smith wrote:
> Right now, I'm using OpenSSH_3.0.1. Do I need to
> upgrade to 3.0.2 ?
>
>
> __________________________________________________
> Do You Yahoo!?
> Buy the perfect holiday gifts at Yahoo! Shopping.
> http://shopping.yahoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Dave.
bela@nivek.org Head Trauma Victim
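
The quoted release note makes exposure depend on two things: UseLogin being enabled and the OpenSSH version being older than 3.0.2. The script below is an added example, not part of the original message or of OpenSSH; the function names, verdict words and sample config are constructed for illustration, and it assumes the version is given in the `OpenSSH_x.y.z` form used in the thread.

```shell
#!/bin/sh
# Added example: checks the two conditions from the OpenSSH 3.0.2 release note.

# Print the effective UseLogin value ("yes"/"no") for an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and UseLogin is off by default.
effective_uselogin() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }   # drop comments, tolerate key=value
        tolower($1) == "uselogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Return 0 if a version string such as "OpenSSH_3.0.1" is older than 3.0.2,
# 1 if it is 3.0.2 or newer, 2 if the string cannot be parsed.
is_prior_to_3_0_2() {
    v=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9.]*\).*/\1/p')
    [ -n "$v" ] || return 2
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    [ "${1:-0}" -lt 3 ] && return 0
    [ "${1:-0}" -gt 3 ] && return 1
    [ "${2:-0}" -gt 0 ] && return 1
    [ "${3:-0}" -lt 2 ]
}

# uselogin_exposure CONFIG VERSION -> one-word verdict on stdout
uselogin_exposure() {
    if [ "$(effective_uselogin "$1")" != "yes" ]; then
        echo "not-enabled"; return 0
    fi
    rc=0; is_prior_to_3_0_2 "$2" || rc=$?
    case $rc in
        0) echo "affected" ;;          # upgrade to 3.0.2 or turn UseLogin off
        1) echo "fixed-version" ;;
        *) echo "unknown-version" ;;
    esac
}

# Constructed sample config (not from any real host): the commented-out line
# is ignored and the first live UseLogin line wins.
sample=$(mktemp)
printf '%s\n' '# UseLogin no' 'Port 22' 'uselogin YES' 'UseLogin no' > "$sample"
uselogin_exposure "$sample" "OpenSSH_3.0.1"   # version asked about in the thread
rm -f "$sample"
```

On a real host, pass the path of the sshd_config that the running daemon actually reads; that path varies by installation and is not given in the message.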