[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Upcoming OpenSSH vulnerability

To: Rémi Guyomarch <rguyom@pobox.com>
Subject: Re: Upcoming OpenSSH vulnerability
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Tue, 25 Jun 2002 03:12:27 -0600
Cc: misc@openbsd.org

Maybe yes, maybe no.

Note I've not answered your question either way.  So what are you going to
do?  Perhaps follow the instructions I sent?

> On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote:
> > There is an upcoming OpenSSH vulnerability that we're working on with
> > ISS.  Details will be published early next week.
> > 
> > However, I can say that when OpenSSH's sshd(8) is running with priv
> > seperation, the bug cannot be exploited.
> 
> Does it means that this bug can be exploited when sshd is running with
> "PermitRootLogin yes" ?
> 
> -- 
> Rémi

Follow-Ups:
- Re: Upcoming OpenSSH vulnerability
  - From: Ben Goren <ben@trumpetpower.com>
- Re: Upcoming OpenSSH vulnerability
  - From: Rémi Guyomarch <rguyom@pobox.com>

References:
- Re: Upcoming OpenSSH vulnerability
  - From: Rémi Guyomarch <rguyom@pobox.com>

Prev by Date: Re: Upcoming OpenSSH vulnerability
Next by Date: Re: Upcoming OpenSSH vulnerability
Prev by thread: Re: Upcoming OpenSSH vulnerability
Next by thread: Re: Upcoming OpenSSH vulnerability
Index(es):
- Date
- Thread