l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 Jun 26 13:35

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] OpenSSH-3.4 released
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] OpenSSH-3.4 released

Just as the topic states, the new version of OpenSSH version 3.4 has been
released. One major difference in this when compared to v 3.3, is an
explotable hole in OpenSSHv3.3 (without Privilege Separation enabled) has
been fixed. (Version prior to 3.3 without priviliege separation are also
at risk.)

This means that you should be able to technically run OpenSSH-3.4 without
privilege separation if you wish and still have a patch against a hole
found by ISS.

If you run OpenSSH-3.3 *with*
UsePrivilegeSeparation yes
(or at least without "UsePrivilegeSeparation no" since yes is the new
default) the present known exploit should not lead to remote root with
the present known exploit and bug that was patched.

It also means that black hats will be examining the diffs between
OpenSSH-3.3 and OpenSSH-3.4 and more widely used exploits will be on the
way real soon.


Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!