Results 1 to 4 of 4

Thread: OpenSSH Vulnerability

  1. #1
    Senior Member
    Join Date
    Aug 2001

    Exclamation OpenSSH Vulnerability

    The text below is from - http://www.pine.nl/advisories/pine-cert-20020301.txt

    Pine Internet Security Advisory
    - -----------------------------------------------------------------------------
    Advisory ID : PINE-CERT-20020301
    Authors : Joost Pol <joost@pine.nl>
    Issue date : 2002-03-07
    Application : OpenSSH
    Version(s) : All versions between 2.0 and 3.0.2
    Platforms : multiple
    Vendor informed : 20020304
    Availability : http://www.pine.nl/advisories/pine-cert-20020301.txt
    - -----------------------------------------------------------------------------


    A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2

    Users with an existing user account can abuse this bug to
    gain root privileges. Exploitability without an existing
    user account has not been proven but is not considered
    impossible. A malicious ssh server could also use this bug
    to exploit a connecting vulnerable client.


    HIGH: Existing users will gain root privileges.


    Simple off by one error. Patch included.


    The OpenSSH project will shortly release version 3.1.

    Upgrading to this version is highly recommended.

    This version will be made available at http://www.openssh.com

    The FreeBSD port of OpenSSH has been updated to reflect the
    patches as supplied in this document.

    OpenSSH CVS has been updated, see

    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ \

    Or apply the attached patch as provided by PINE Internet:


    With that being said, you can download OpenSSH 3.1here the security hole is fixed in this release.
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Beverwijk Netherlands
    Thanks for the post...
    I will have to update NOW ! ! !
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Join Date
    Jan 2002
    I run SSH on my linux server...thank you very much for this information, it is greatly appreciated


  4. #4
    Thank for for that information, I'll be upgrading REAL soon !!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts