67509 – OpenSSH vulnerablity disclosed on BugTraq

Bug 67509 - OpenSSH vulnerablity disclosed on BugTraq

Summary: OpenSSH vulnerablity disclosed on BugTraq

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	openssh
Sub Component:
Version:	7.3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-06-26 18:05 UTC by Need Real Name
Modified:	2007-04-18 16:43 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-02-04 10:03:49 UTC
Embargoed:

Attachments	(Terms of Use)

Description Need Real Name 2002-06-26 18:05:38 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513

Description of problem:
ISS X-Force disclosed a bug that effects OpenSSH v2.9.9-3.3 if
UsePrivilegeSeparation is disabled.  This vulnerability has also been announced
on Slashdot.

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:

I am seeking the following information:

Has Red hat tested enabling UsePrivilegeSeparation with
openssh-server-3.2.3p1-4.i386.rpm?

Is there any ETA for openssh v3.4 to be packaged?

Thanks

Comment 1 Mark J. Cox 2002-08-13 11:52:58 UTC

RHSA-2002:127 contained a backported security fix for the particular OpenSSH
vulnerability.

Note You need to log in before you can comment on or make changes to this bug.