Bug 60829 - HIGH: Existing users will gain root privileges.
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.2
Hardware: All Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Keywords: Security
Depends On:
Reported: 2002-03-07 18:04 UTC by Christopher McCrory
Modified: 2014-01-21 22:48 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-07 19:08:32 UTC

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2002:043
Priority: normal
Status: SHIPPED_LIVE
Summary: Updated openssh packages available
Last Updated: 2002-03-05 05:00:00 UTC

Description Christopher McCrory 2002-03-07 18:04:02 UTC
Description of Problem:

Existing users will gain root privileges.

Version-Release number of selected component (if applicable):
All versions between 2.0 and 3.0.2

How Reproducible:

Steps to Reproduce:

Actual Results:

Expected Results:

Additional Information:

 OpenSSH 3.1 released March 7, 2002.

Comment 1 Nalin Dahyabhai 2002-03-07 19:08:27 UTC
An errata is in the works for this.

Comment 2 Nalin Dahyabhai 2002-03-07 20:50:59 UTC
This will be RHSA-2002:043 when it's released.

Comment 3 Seth Vidal 2002-03-08 21:37:01 UTC
Wanted to say thanks for including the Red Hat Linux 6.X patch in the spec file
for 3.1p1 - saved our asses on some older machines.

Comment 4 Konstantin Ryabitsev 2002-03-08 21:45:55 UTC
/me hugs nalin. ;)

Comment 5 Seth Vidal 2002-03-09 02:34:14 UTC
For anyone rebuilding these rpms on 6.X - the included patch will break ssh-1
connection attempts to a machine running 3.1p1 linked to openssl095a.

More information here:

Hopefully a patch will be coming soon.

Comment 6 Zenon Mousmoulas 2002-03-10 02:21:34 UTC
3.1p1 should be rebuilt to include the last patch by Markus Friedl 
(http://bugzilla.mindrot.org/showattachment.cgi?attach_id=35) that attempts to 
fix problems with openssl 0.9.5a on RHL 6.2. However there still seem to be 
some problems even with this patch, so perhaps waiting a couple more days
wouldn't hurt.
However, once it's fixed, please rebuild it :)

Comment 7 Seth Vidal 2002-03-10 20:19:21 UTC
This patch fixes the ssh1 problems for ssh1 and 3des.
Blowfish is still off.
