For us AIXers ...

Sandor W. Sklar ssklar at stanford.edu
Wed Jun 26 05:34:02 EST 2002


... who are nervous because:

(a) it seems that there will be a widely-known vulnerability 
and/exploit for OpenSSH available in the coming days, and

(b) the advertised fix for the problem, privilege separation, doesn't 
seem to be working on AIX as of the latest release version of OpenSSH 
(based on the comments I've read; I haven't tried it yet) ...

... what should we do?  I've seen a whole bunch of comments and 
patches flying on the list, but I don't know if any of those patches 
definitively fix the AIX problem, nor do I know whether they will be 
committed to CVS, nor do I know if there will be a new release in the 
next few days incorporating these fixes.

Can someone authoritatively answer this question?

Thanks, --Sandy

-- 
   Sandor W. Sklar  -  Unix Systems Administrator  -  Stanford University ITSS
   Non impediti ratione cogitationis.     http://whippet.stanford.edu/~ssklar/



More information about the openssh-unix-dev mailing list