[plug] X11 connection rejected with updated ssh

Bill Kenworthy billk at iinet.net.au
Fri Sep 26 09:38:44 WST 2003


You might want to reconsider as I believe that prior to 3.7, there is an
exploit in the wild for some months and it apparently has been used to
hack into boxes.  The current pam problems are still theoretical (and
apply to  only some configurations), and are likely to remain
theoretical because they have been fixed.  Basicly, if you are not
running the latest version, you are vulnerable.

This is one case where waiting for the dust to settle is likely to
increase your exposure ...

BillK

On Fri, 2003-09-26 at 07:48, James Devenish wrote:
> In message <200309252354.59254.leon at brooks.fdns.net>
> on Thu, Sep 25, 2003 at 11:54:59PM +0800, Leon Brooks wrote:
> > On Wed, 24 Sep 2003 23:41, Rob Dunne wrote:
> > > rubber# rpm -q openssh
> > > openssh-3.1p1-14
> > 
> > Uhr? Unless you've been *very* busy backporting patches, you probably 
> > want to run 3.6p2
> 
> (Firstly noting that I don't recall what distro Rob is using, and I
> don't know how RPM works...) For RedHat RPMs, openssh-3.1p1-13 includes
> patches up to and including those in OpenSSH 3.7.1, if I understand this
> correctly: <https://rhn.redhat.com/errata/RHSA-2003-279.html>
> 
> 
> _______________________________________________
> plug mailing list
> plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug

_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug


More information about the plug mailing list