|
|
Family: Slackware Local Security Checks --> Category: infos
SSA- OpenSSH security problem fixed Vulnerability Scan
Vulnerability Scan Summary
SSA OpenSSH security problem fixed
Detailed Explanation for this Vulnerability Test
New openssh packages are available to fix security problems.
Here's the information from the Slackware 8.0 ChangeLog:
----------------------------
Thu Mar 7 12:00:18 PST 2002
patches/packages/openssh.tgz: Upgraded to openssh-3.1p1.
This fixes a security problem in the openssh package. All sites running
OpenSSH should upgrade immediately.
All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error
in the channel code. OpenSSH 3.1 and later are not affected. This bug can
be exploited locally by an authenticated user logging into a vulnerable
OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH
client. This bug was discovered by Joost Pol
(* Security fix *)
----------------------------
Click HERE for more information and discussions on this network vulnerability scan.
|
