28847 – OpenSSH 3.6.1 seems to have several remote root vulnerabilities

Bug 28847 - OpenSSH 3.6.1 seems to have several remote root vulnerabilities

Summary: OpenSSH 3.6.1 seems to have several remote root vulnerabilities

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	Highest critical (vote)
Assignee:	Gentoo Security

URL:	http://lists.netsys.com/pipermail/ful...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-09-16 00:06 UTC by Raimund Specht
Modified:	2003-09-16 06:21 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Raimund Specht 2003-09-16 00:06:36 UTC

According to postings on Full-Disclosure mailinglist (see URL), there seem to be
several vulnerabilities in the most recent version of OpenSSH. These
vulnerabilities permit remote root access to the OpenSSH server.
No details or patches seem to be publically available yet, but one should be
very careful (e.g. restrict access to sshd from trusted networks only; privilege
separation doesn't seem to help) and upgrade OpenSSH as soon as fixes are released.

Comment 1 SpanKY gentoo-dev

2003-09-16 03:46:59 UTC

re-open when a real CERT or announcement has been made

Comment 2 SpanKY gentoo-dev

2003-09-16 06:21:07 UTC

Bug 28873 :)