Slashdot Mirror


New Vulnerabilities in Portable OpenSSH

An anonymous reader writes "The OpenSSH team has uncovered multiple exploitable vulnerabilities in the days-old portable release of OpenSSH. That's right folks: time to patch *again*. 3.7.1p2 is now available. Instructions and mirror list here. Please note that this vulnerability only affects *portable* OpenSSH--so if you are running OpenBSD, you're safe. This vulnerability apparently has to do with PAM, so you can use the 'UsePam no' option in your config file. Info on the advisory here and here."

17 of 324 comments

  1. hmm by tedtimmons · · Score: 4, Funny

    Who is pam, and what did she have to do with openssh?

    -ted

    1. Re:hmm by r_j_prahad · · Score: 4, Funny

      Pam was my ex-wife. She was pluggable by too many.

    2. Re:hmm by TedCheshireAcad · · Score: 2, Funny

      Well, apparently there wasn't much Privilege Separation going on, or you would never have found out.

    3. Re:hmm by Anonymous Coward · · Score: 1, Funny

      yea she did, it was too big to fit in our house so she had to take it back to the store

    4. Re:hmm by un4given · · Score: 2, Funny

      Pam was my ex-wife. She was pluggable by too many.

      Yes, sorry about that. I discovered an exploit when I inserted a 'long' into a 'short' buffer in PAM's module...

  2. A solution? by gpinzone · · Score: 4, Funny

    This vulnerability apparently has to do with PAM, so you can use the 'UsePam no' option in your config file.

    Wouldn't that prevent anyone from logging in? I guess that's a solution. Why not disconnect the network cable, too?

  3. Time for a new spin on security practices? by Anonymous Coward · · Score: 4, Funny

    Maybe the OSS community needs a Trustworthy Computing initiative =]

  4. You should switch to \/\/ind0w5! by Anonymous Coward · · Score: 0, Funny

    Because you can have it notify you and update all these things automatically and not even worry about any of this stuff. It's real simple, too. All you do is check "automatic updates" and it works! Then there are no more problems. No worms. No exploits. Your box is secure. 4m4zin6!

  5. Re:Non-standard configuration by Anonymous Coward · · Score: 1, Funny

    Minimize the damage:

    Become a nudist, and wear a ski-mask over your head.

  6. When will it end? by Dr.+Bent · · Score: 3, Funny

    This vulnerability apparently has to do with PAM

    When will people learn that non-stick cooking spray causes more harm than good? Unneeded fat, calories and remote root exploits are just some of the problems caused by these unsavory products. For god's sake, people...there are better ways to dissipate heat and prevent sticking and burning. For one, turn that CPU clock speed down! Just because you can fry an egg on your motherboard, doesn't mean you should! That's what the CD-ROM drive is for!

  7. Not the way to compete with MS by narratorDan · · Score: 1, Funny

    OSS should compete with features and security not number of exploits and patches.

    On second thought, maybe more patches will make IT managers think that OSS=MS in quality and will begin to use OSS more because it is as good as MS.

    NarratorDan

    --
    "If you're not confused by quantum mechanics, you really don't understand it." - Niels Bohr

  8. New Motto by Greyfox · · Score: 4, Funny

    15^H^H10 minutes without a remote root exploit!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  9. Yippee! by mrpuffypants · · Score: 4, Funny

    oooh! Patching every other day is fun!

    This is just like being a MCSE! Now I can hang out with the NT guys and chat about patching!

    1. Re:Yippee! by archen · · Score: 2, Funny

      NT guy: "so like... you DON'T reboot? Huh? Patch? HuH? How can you patch and not reboot?"

  10. Microsoft are the reason by SnowWolf2003 · · Score: 2, Funny

    Are we sure Microsoft aren't involved in this project in some way?

  11. You think you're joking but you're not by Skreech · · Score: 2, Funny
  12. Take "OPEN" out of the name by JavaJoint · · Score: 2, Funny


    Ya know, maybe it's time to take the word "Open" out of OpenSSH. It's becoming too much of a self-fulfilling prophecy.

    How about "TheSourceIsOpen_ButWeWillBeDamnedIfYouGetInWithoutAPasswordSSH"? ...