l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2002 Jun 26 13:35

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] OpenSSH-3.4 released
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] OpenSSH-3.4 released



Just as the topic states, the new version of OpenSSH version 3.4 has been
released. One major difference in this when compared to v 3.3, is an
explotable hole in OpenSSHv3.3 (without Privilege Separation enabled) has
been fixed. (Version prior to 3.3 without priviliege separation are also
at risk.)

This means that you should be able to technically run OpenSSH-3.4 without
privilege separation if you wish and still have a patch against a hole
found by ISS.

If you run OpenSSH-3.3 *with*
UsePrivilegeSeparation yes
(or at least without "UsePrivilegeSeparation no" since yes is the new
default) the present known exploit should not lead to remote root with
the present known exploit and bug that was patched.

It also means that black hats will be examining the diffs between
OpenSSH-3.3 and OpenSSH-3.4 and more widely used exploits will be on the
way real soon.

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.