Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
I have prefered wait a real bugfixe and in waiting I have installed
telnetd-ssl and block all ssh traffic in the firewalls
On Tue, 2002-06-25 at 15:57, Kruskal wrote:
> Wichert Akkerman <wichert@wiggy.net> writes:
>
> > ------------------------------------------------------------------------
> > Debian Security Advisory DSA-134-2 security@debian.org
> > http://www.debian.org/security/ Wichert Akkerman
> > June 25, 2002
> > ------------------------------------------------------------------------
> >
> >
> > Package : ssh
> > Problem type : remote exploit
> > Debian-specific: no
>
> Has anyone applied this update yet? I did so on a potato box, enabled
> priv separation in the sshd config file and restarted sshd. I saw
> that a user called sshd was created. However, when I ssh'ed in, I
> didn't see any processes owned by sshd. In fact, the ssh daemon
> process was still owned by root.
>
> Anybody have any thoughts on this? Does priv sep work in potato?
>
> --
> --Kruskal
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
francois bayart
avence [ electro-communication ] · 217 rue saint-honoré · 75001 paris
france
http://www.avence.com · tel: +(33) 1-4927-9830 · fax: +(33) 1-4927-9894
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: