Bug 60829 - HIGH: Existing users will gain root privileges.
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.2
Hardware: All
OS: Linux
Priority: high
Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Brian Brock
Keywords: Security
Reported: 2002-03-07 13:04 EST by Christopher McCrory
Modified: 2014-01-21 17:48 EST
Doc Type: Bug Fix
Last Closed: 2002-03-07 14:08:32 EST

Description Christopher McCrory 2002-03-07 13:04:02 EST
Description of Problem:

Existing users will gain root privileges.


Version-Release number of selected component (if applicable):
All versions between 2.0 and 3.0.2



Additional Information:

http://www.pine.nl/advisories/pine-cert-20020301.txt

http://www.openssh.com/
 OpenSSH 3.1 released March 7, 2002.
Comment 1 Nalin Dahyabhai 2002-03-07 14:08:27 EST
An errata is in the works for this.
Comment 2 Nalin Dahyabhai 2002-03-07 15:50:59 EST
This will be RHSA-2002:043 when it's released.
Comment 3 Seth Vidal 2002-03-08 16:37:01 EST
Wanted to say thanks for including the Red Hat Linux 6.X patch in the spec file
for 3.1p1 - saved our asses on some older machines.

Comment 4 Konstantin Ryabitsev 2002-03-08 16:45:55 EST
/me hugs nalin. ;)
Comment 5 Seth Vidal 2002-03-08 21:34:14 EST
For anyone rebuilding these rpms on 6.X - the included patch will break ssh-1
connection attempts to a machine running 3.1p1 linked to openssl095a.

More information here:
http://bugzilla.mindrot.org/show_bug.cgi?id=138

Hopefully a patch will be coming soon.
Comment 6 Zenon Mousmoulas 2002-03-09 21:21:34 EST
3.1p1 should be rebuilt to include the last patch by Markus Friedl 
(http://bugzilla.mindrot.org/showattachment.cgi?attach_id=35) that attempts to 
fix problems with openssl 0.9.5a on RHL 6.2. However there still seem to be 
some problems even with this patch, so perhaps waiting a couple more days 
wouldn't hurt.
However once it's fixed, please rebuild it :)
Comment 7 Seth Vidal 2002-03-10 15:19:21 EST
http://bugzilla.mindrot.org/showattachment.cgi?attach_id=37

This patch fixes the ssh1 problems for ssh1 and 3des.
Blowfish is still off.


