Slashdot Mirror


New Vulnerabilities in Portable OpenSSH

An anonymous reader writes "The OpenSSH team has uncovered multiple exploitable vulnerabilities in the days-old portable release of OpenSSH. That's right folks: time to patch *again*. 3.7.1p2 is now available. Instructions and mirror list here. Please note that this vulnerability only affects *portable* OpenSSH--so if you are running OpenBSD, you're safe. This vulnerability apparently has to do with PAM, so you can use the 'UsePam no' option in your config file. Info on the advisory here and here."

10 of 324 comments (clear)

  1. GRUB SUCKS THE RAT CUM OUT OF DEAD RAT CUNTS! FAG! by Anonymous Coward · · Score: -1, Troll
  2. The rumors are true... by Anonymous Coward · · Score: -1, Troll

    SSH is dying!!

  3. Re:hmm by Anonymous Coward · · Score: -1, Troll

    its a fucking authentication module you stupid piece of shit go off and kill yourself you dont even deserve to use the internet

  4. Re:A solution? by Corgha · · Score: 2, Troll

    The PAM support in that version of portable OpenSSH is broken, anyway. They ripped the old PAM support out and replaced it with something half-done.

    That's why I backported the security patches, instead of upgrading. Now I'm glad that I did.

  5. ON WAY MAN by Anonymous Coward · · Score: -1, Troll

    it's written by teh OpenBSD dudes. they are gods among men.

  6. Re SUCKIT FAGG0RRZZ!!! by Anonymous Coward · · Score: -1, Troll

    you refill the rat-cunt with your SP00GE, FAG.

  7. As usual.... by Anonymous Coward · · Score: -1, Troll

    Debian users will be exploitable. This is because debian uses so called "stable" (even in "unstable") obsolete versions of programs that are swiss cheese for security. Don't tell me about backporting, because you know what they say, you can't polish a turd.

    This post is gaurenteed a -1, when going s/debian/microsoft/g would get +5, insightful. Remember to metamod unfair.

  8. Re:Incapable developers! by Anonymous Coward · · Score: -1, Troll

    You guys wouldn't know a decent OS if it ran up and bit you in the ass. OpenSSH is a SERVICE in your Win-babble. It's not even loaded by the kernel and it's certainly not required software to run Linux. So why don't you keep quiet and go back to Kazaa'ing or surfing porn or whatever it is you do on your Fisher-Price OS.

  9. HAHA! by datrus · · Score: -1, Troll

    HAHA!

  10. gasp by Cat_Byte · · Score: 0, Troll

    You mean the Windows version of putty is still secure and open source isn't? for shame! Go ahead anti MS fascists. Mod me down. If I had said it the other way around it would be +5 informative. I use both and the only reason I still use MS is because the programs I want to run won't run on *nix. They've had years to make it work and haven't yet even in beta. Make Quicken and my games work in *nix and my path to the dark side will be complete.

    --
    Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.