[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] OpenSSH root vulnerability



On Fri, Mar 08, 2002 at 12:42:23PM -0500, John Mills wrote:
> Setup: RH 6.2, gcc-2.91.66 ('vanilla' RH-6.2)
> 
> Only some mirrors have any source of 'portable' openssh-3.1 - I downloaded
> what I found: 'openssh-3.1p1.tar.gz' and unpacked it. 'configure' ran OK,
> but 'make' crashed on:

There aren't "stock" RH 6.2 RPMs, so one has to build their own.  The
problem is that RH6.2 comes with openssl0.9.5a, which doesn't want to
compile cleanly with openssh 3.1.

So, you need to upgrade to a newer versiopn of openssl.
I built openssl 0.9.6b and openssh 3.1; RH 6.2 RPMs are at:

ftp://ftp.shaftnet.org/pub/rpms/redhat-6.2/i386

openssh-3.1p1-1.i386.rpm
openssh-askpass-3.1p1-1.i386.rpm
openssh-askpass-gnome-3.1p1-1.i386.rpm
openssh-clients-3.1p1-1.i386.rpm
openssh-server-3.1p1-1.i386.rpm
openssl095a-0.9.5a-11.i386.rpm
openssl-0.9.6b-8.i386.rpm
openssl-devel-0.9.6b-8.i386.rpm
openssl-perl-0.9.6b-8.i386.rpm

Enjoy.

 - Pizza
-- 
Solomon Peachy                                    pizzaATfucktheusers.org
I ain't broke, but I'm badly bent.                           ICQ# 1318344
Patience comes to those who wait.
    ...It's not "Beanbag Love", it's a "Transanimate Relationship"...

 PGP signature