Slashdot Mirror


New Vulnerabilities in Portable OpenSSH

An anonymous reader writes "The OpenSSH team has uncovered multiple exploitable vulnerabilities in the days-old portable release of OpenSSH. That's right folks: time to patch *again*. 3.7.1p2 is now available. Instructions and mirror list here. Please note that this vulnerability only affects *portable* OpenSSH--so if you are running OpenBSD, you're safe. This vulnerability apparently has to do with PAM, so you can use the 'UsePam no' option in your config file. Info on the advisory here and here."

3 of 324 comments

  1. Re:Non-standard configuration by rsmith-mac · Score: 1, Redundant

    Yes, but what happens when PrivSep is exploited? It too is just like any other code: human written, and potentially weak. It's another layer of security that would have to be bypassed, but it's by no means the end of exploits in other code.

  2. Re:I don't understand by UnderScan · Score: 1, Redundant

    From Portable OpenSSH

    Normal OpenSSH development produces a very small, secure, and easy to maintain version for the OpenBSD project. The OpenSSH Portability Team takes that pure version and adds portability code so that OpenSSH can run on many other operating systems (Unfortunately, in particular since OpenSSH does authentication, it runs into a *lot* of differences between Unix operating systems). ...

  3. IMO by Znonymous+Coward · Score: 0, Redundant

    It's time for a code audit.

    --

    Karma: The shiznight, mostly because I am the Drizzle.