unspawn writes: Impact HIGH: Existing users will gain root privileges. Synopsis A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2 Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client. Full text at http://www.pine.nl/advisories/pine-cert-20020301.txt OpenSSH CVS has been updated and a patch is out.
taken from linux.box.sk should i stop sshd waiting for patch from redhat or....? -- ichtus ------ Lewi Supranata .K ICQ: 50643061 _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
