Info on OpenSSH lastest vuln. ?

Laurent Papier papier at sdv.fr
Tue Jun 25 17:53:54 EST 2002


Hi,
it seems that there is a vulnerability in OpenSSH including version 3.3. Using
privilege separation do not fix the problem but fail the intruder in the chroot
of the sshd daemon. The OpenBSD team announce that they will release a new
version 3.4 on monday that fix the vulnerability.

Will a new version of portable OpenSSH be also release on monday ? Or could we
already upgrade to v3.3 and activate the privilege separation.

-- 
Laurent Papier - Sys. Admin



More information about the openssh-unix-dev mailing list