Re: Vulnerability in OpenSSH

From: Mary Deane (fclmmd@NERSP.NERDC.UFL.EDU)
Date: Tue Jun 25 2002 - 17:29:03 EDT


From an email I got from a colleague, it was implied that a version 3.3.1p1
may be available by Friday. This may help us all.

Cheers
Mary

On Tue, 25 Jun 2002, Tom Syroid wrote:

> Oh NOW you tell me... ;-)
>
> Thanks, Sandy. I've been trying to get Privilege Separation working on my
> box all morning, and I was just about to pull out my remaining hair...
>
> Best,
> /tom
>
> --On Tuesday, June 25, 2002 12:55 -0700 "Sandor W. Sklar"
> <ssklar@STANFORD.EDU> wrote:
>
> > Folks,
> >
> > For those AIXers who are unaware, it appears that, early next week,
> > details of a root exploit in OpenSSH will be made public. The only
> > suggested protection against this vulnerability is to upgrade to the
> > recently released OpenSSH version 3.3.
> >
> > That release contains new functionality called "Privilege
> > Separation"; unfortunately, PrivSep does not work on AIX in that
> > release version. According to members of the openssh-unix-dev
> > mailing list, the current CVS version of OpenSSH has a fix in it for
> > the AIX problem.
> >
> > For more information about all of the above, I'd suggest checking out
> > <http://www.openssh.com>; note that the webpage says that 3.4 will be
> > out on Monday, but I'm assuming that is the OpenBSD-only release, not
> > the portable one needed for AIX.
> >
> > -S-
> > --
> > Sandor W. Sklar - Unix Systems Administrator - Stanford University
> > ITSS Non impediti ratione cogitationis.
> > http://whippet.stanford.edu/~ssklar/
>


