Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
From: Kruskal <kruskal@my-deja.com>
Date: 25 Jun 2002 08:57:17 -0500
Message-id: <[🔎] 87sn3b4g1u.fsf@hermit.monsters.edu>
In-reply-to: <20020625123712.GA25088@wiggy.net>
References: <20020625123712.GA25088@wiggy.net>

Wichert Akkerman <wichert@wiggy.net> writes:

> ------------------------------------------------------------------------
> Debian Security Advisory DSA-134-2                   security@debian.org
> http://www.debian.org/security/                         Wichert Akkerman
> June 25, 2002
> ------------------------------------------------------------------------
> 
> 
> Package        : ssh
> Problem type   : remote exploit
> Debian-specific: no

Has anyone applied this update yet?  I did so on a potato box, enabled
priv separation in the sshd config file and restarted sshd.  I saw
that a user called sshd was created.  However, when I ssh'ed in, I
didn't see any processes owned by sshd.  In fact, the ssh daemon
process was still owned by root.

Anybody have any thoughts on this?  Does priv sep work in potato?

-- 
--Kruskal

-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
  - From: Mark Janssen <maniac@maniac.nl>
- Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
  - From: Francois Bayart <francois@famipow.com>

Prev by Date: Re: DSA-134-1
Next by Date: Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
Previous by thread: Re: ssh and password authentication
Next by thread: Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
Index(es):
- Date
- Thread