OpenSSH Security Advisory (adv.token)
Frank Smith
Frank.Smith at unilever.com
Thu Apr 25 09:50:25 EST 2002
On Saturday, April 20, 2002 11:40 PM, Niels Provos [SMTP:provos at citi.umich.edu]
wrote:
> A buffer overflow exists in OpenSSH's sshd if sshd has been compiled
> with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
> has been enabled in the sshd_config file. Ticket and token passing
> is not enabled by default.
>
> 1. Systems affected:
> ...
> 2. Impact:
>
> Remote users may gain privileged access for OpenSSH < 2.9.9
>
> Local users may gain privileged access for OpenSSH < 3.3
>
> No privileged access is possible for OpenSSH with
> UsePrivsep enabled.
>
> 3. Solution:
> ...
from where did you get openssh version 3.3? as of today (24 apr), openssh's
website listed version 3.1p1 as the current version.
frank smith
frank.smith at unilever.com
More information about the openssh-unix-dev
mailing list