Linux Today: Linux News On Internet Time.

Security Linux News for Mar 08, 2002

  • Red Hat Security Advisory: openssh (Mar 08, 2002, 22:13)
    "Updated openssh packages are now available for Red Hat Linux 7, 7.1, and 7.2 which close a remotely-exploitable vulnerability in sshd."

  • Conectiva Linux Security Announcement: openssh (Mar 08, 2002, 22:13)
    "Joost Pol discovered[1] an off-by-one bug in OpenSSH's channel code that could be used by an attacker with a local account on the victim's machine to obtain root privileges on that machine. Another scenario for this vulnerability is that of a malicious ssh server exploiting a vulnerable ssh client connecting to it."

  • Debian Security: ssh channel bug (Mar 08, 2002, 21:56)
    "Since Debian 2.2 (potato) shipped with OpenSSH (the "ssh" package) version 1.2.3, it is not vulnerable to this exploit. No fix is required for Debian 2.2 (potato). The Debian unstable and testing archives do include a more recent OpenSSH (ssh) package."

  • SuSE Security Announcement: Systems running versions of openssh before version 3.1 (Mar 08, 2002, 18:44)
    "Joost Pol discovered an off-by-one bug in a routine in the openssh code for checking channel IDs. This bug can be exploited on the remote side by an already authenticated user, qualifying this bug as a local security vulnerability, and on the local side if a malicious server attacks the connected client, qualifying this bug as a remote vulnerability."

  • Red Hat Security Advisory: openssh (Mar 28, 2001, 20:23)
    "Weaknesses in the SSH protocols can be used by a passive attacker to deduce information about passwords entered over an encrypted connection."