OpenSSH Local Root Hole
maelstrom writes: "Looks like someone's found a local root exploit for OpenSSH versions between 2.0 and 3.0.2. Seems as though its a one-off error, there is no public exploit, but there is sure to be one shortly. They aren't ruling out remote exploit. Recommending patching and upgrading ASAP."
Ummmm, RTFP!
They aren't ruling out the possibility of a remote exploit.
I can't wait for the Daniel J. Bernstein version of ssh.
-russ
Don't piss off The Angry Economist
Nah they don't.;) But I'm working on exploit code as we speak.
When a single missing '=' can cause a root exploit in code that's generally considered well-written, who are these people that actually entertain the idea that C is the right language to do coding in?
Has all the features any Modern Programmer could want. And it has the Highly Secure .net framework built in. What more could you want?
Best Slashdot Co
Four days without a remote hole in the default install!
Not sure if OpenSSH is enabled by default though.