[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability



[Raymond Wood wrote in newsgate.debian.security]
 > Potato and Woody are both patched then.  What is the recommended
 > course of action for those running Sid?  Should Sid users
 > install the Woody patch, or is this a bad idea?

Personally, I've dist-upgraded all woody and sid boxen I have, the sid
machines took the woody package without trouble. Just set PAM auth by
keyboard interactive to "no" and left it to it.

Oh, the package created an 'sshd' user, and set it's homedir to
$HOMEDIRS/sshd, but didn't create the homedir itself. Since there isn't any
PoC code to test this with, I don't know how the chroot will end up. Anyone
got any ideas? I'd hate for the sandbox to end up being /.

-- 
rob                                 <e> rob@impure.org.uk <pgp> 0x8bb5c71e


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: