KrUsTy!
September 23rd, 2003, 17:37
looks like more trouble with openssh.
This time its the portable code, PAM it seems. If you are running OpenBSD and are patched you are safe. If you are running anything else and just patched, time to patch again...
http://www.securityfocus.com/archive/121/338617
and
http://www.securityfocus.com/archive/121/338616
{K}
tarballed
September 23rd, 2003, 18:03
I just saw this and was like..wooooooo
This time its the portable code, PAM it seems. If you are running OpenBSD and are patched you are safe. If you are running anything else and just patched, time to patch again...
As long as im up to date with all the latest patches for 3.3, I should be alright?
[code:1:c5cf293bd0]$ ssh -V
OpenSSH_3.7.1, SSH protocols 1.5/2.0, OpenSSL 0.9.7-beta3 30 Jul 2002
[/code:1:c5cf293bd0]
Tarballed
KrUsTy!
September 23rd, 2003, 18:07
As long as im up to date with all the latest patches for 3.3, I should be alright?
This warning and patch is for the portable code, so every other OS using the portable version, but not OpenBSD, as it does not use portable. OpenBSD is safe from the warning above. With the 3.7.1 you should be fine. At least as far as I know...
{K}
soup4you2
September 24th, 2003, 21:51
Well looks like a new addition to /usr/src/UPDATING
saying p7 for openssh pam module..
though the sources are not on the cvsup server we know it's on it's way..
hows this for a heads up.. before the fbsd announcement..
*UPDATE**
ssh sources are there now