[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh difference v3.3 vs. 3.4 ???

On Wed, Jun 26, 2002 at 03:39:49PM -0400, Reid Gilman wrote:
> 3.4 contains bugfixes for a few problems I don't completely understand
> but I believe that there was a bug that could allow root access. 

If you're running 3.3 with privilege separation enabled (as it is by
default), most remote root exploits become remote exploits of the sshd
user, which is considerably less serious. 3.4 added fixes for the real
problems rather than just bandaging over them.

However, 3.3 and I believe 3.4 both break certain parts of PAM support
and various other things, at least when privilege separation is enabled.

> Check www.slashdot.org for some information on it.

That wouldn't be my first port of call for security information, I must
say. :)

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: