OpenSSH Security Advisory (adv.token)
Jason Stone
jason at shalott.net
Thu Apr 25 11:43:25 EST 2002

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > A buffer overflow exists in OpenSSH's sshd if sshd has been compiled
> > with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
> > has been enabled in the sshd_config file.  Ticket and token passing
> > is not enabled by default.
> >
> > 1. Systems affected:
> > ...
> > 2. Impact:
> >
> >         Remote users may gain privileged access for OpenSSH < 2.9.9
> >
> >         Local users may gain privileged access for OpenSSH < 3.3
>
> from where did you get openssh version 3.3?  as of today (24 apr),
> openssh's website listed version 3.1p1 as the current version.
This is the forthcoming new release.  It's been being tested for a while
now and will be released... soon.
 -Jason
 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE8x189swXMWWtptckRAvBkAKD4Q1dO8PoNHdzmNHJ2/WO7ZMyofQCfYGgV
iCTxKtF8KySz44t55MW6apc=
=hnK+
-----END PGP SIGNATURE-----
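
The exposure conditions stated in the quoted advisory, written as an audit check. This is an added example, not part of the original message or of OpenSSH. The function names, the `kerberos_afs_build` flag, the result labels and the sample config are assumptions made for illustration, as are the parsing rules (first value for a keyword wins, only `yes` enables an option).

```python
import re

# Options named in the advisory; per the advisory both are off by default.
RISKY_OPTIONS = ("kerberostgtpassing", "afstokenpassing")


def enabled_passing_options(config_text):
    """Return the advisory's options that this sshd_config text turns on."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace and/or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are matched case-insensitively
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword in RISKY_OPTIONS and keyword not in seen:
            seen[keyword] = value  # assumption: first value for a keyword wins
    return sorted(k for k, v in seen.items() if v == "yes")


def version_tuple(banner):
    """Extract (major, minor, patch) from a string such as 'OpenSSH_3.1p1'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        raise ValueError("no OpenSSH version in %r" % banner)
    return tuple(int(g or 0) for g in m.groups())


def exposure(banner, config_text, kerberos_afs_build):
    """Classify a host against the version ranges given in the advisory."""
    if not kerberos_afs_build or not enabled_passing_options(config_text):
        return "not exposed"
    version = version_tuple(banner)
    if version < (2, 9, 9):
        return "remote"   # advisory: remote users, OpenSSH < 2.9.9
    if version < (3, 3, 0):
        return "local"    # advisory: local users, OpenSSH < 3.3
    return "outside advisory range"


# Constructed sample config, not taken from any real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
Protocol 2
kerberosTgtPassing yes
AFSTokenPassing no
AFSTokenPassing yes
"""
```
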

More information about the openssh-unix-dev mailing list