On Thu, Dec 22, 2005 at 02:13:37PM +0200, Mikko Hänninen wrote:
> Package: rssh
> Version: 2.2.3-1
> Severity: grave
> Tags: security
>
> From the rssh website, http://www.pizzashack.org/rssh/
>
> Important Security Notice:
>
> Max Vozeler has reported a problem whereby rssh can allow users who have
> shell access to systems where rssh is installed (and rssh_chroot_helper
> is installed SUID) to gain root access to the system, due to the
> ability to chroot to arbitrary locations. There are a lot of potentially
> mitigating factors, but to be safe you should upgrade immediately. This
> bug affects all versions of rssh from v2.0.0 to v2.2.3, so please
> upgrade now!
>
> I believe this affects the Debian package, since I could not find any
> documentation on this issue being fixed in the current stable version.
> A new version, 2.3.0, is available upstream to fix this issue. I believe
> it will also fix bug #339531.

I am already working on it, but there seems to be a small problem with the
compilation.
Thanks for sending the bug, though.
--
Jesus Climent info:www.pumuki.org
Unix SysAdm|Linux User #66350|Debian Developer|2.6.14|Helsinki Finland
GPG: 1024D/86946D69 BB64 2339 1CAA 7064 E429 7E18 66FC 1D7F 8694 6D69
Like my old grand daddy used to say, "The less a man makes declarative
statements, the less apt he is to look foolish in retrospect."
--Chester (Four Rooms)