From: Pete Gontier (kokorozashi_at_gontier.org)
Date: Tue Aug 06 2002 - 18:32:04 CDT

The recent hole in sshd still has me confused, I'm afraid. I mean this one:
<http://www.openssh.com/txt/preauth.adv>

When I saw the first reports of the hole, I shut off my sshd, since after
all the machine is right behind me and I can always use the console if
necessary. So I'm not worried I've been compromised.

After the advisories seemed to die down, I tried to figure out what I ought
to do before re-enabling sshd. I could go get an OpenSSH tarball and build
it from scratch, but I was kinda hoping that since I am tracking
OPENBSD_2_9, I could just do a cvs update and rebuild the appropriate stuff.

So I did the update, and some relevant files got updated. But then I
realized it had been a while since I did a userland update and thought to
myself, self, are you sure these updates address the hole? And the answer
was gee, self, I dunno.

So, what's the story? If I'm tracking OPENBSD_2_9, can I assume the hole in
sshd has been plugged? Or should I bite the bullet and build what's in the
tarball from OpenSSH.org?

--
Pete Gontier <http://www.pete.gontier.org/>