25 Jun 2002 21:01
* Ryan Swenson (Ryan.Swenson@togethersoft.com) [020625 12:16]:
::
:: Redhat SA told me they use the Redhat OpenSSH 3.1 patched version which is not vulnerable to this and does not have priv separation or chroot support.

He's wrong. The vulnerability hasn't been announced yet so he wouldn't know if it was or not. The reason for using 3.3p1 w/ privsep is because it makes it harder to exploit this bug. I would do as the OpenBSD/OpenSSH team recommends just because it's their sandbox and they know it best. But this is just my opinion.

-=Ben
--=====-----=====--
mailto:ben@whack.org
--=====--
Tell me what you believe..I tell you what you should see. -DP
--=====-----=====--