hi,
Actually any version of ssh 1.2 or less as well as openssh 1.21 or less..
Best Regards,
[EMAIL PROTECTED]
On Wed, 11 Oct 2000, Pierre Abbat wrote:
> http://linuxtoday.com/news_story.php3?ltsn=2000-10-10-018-04-SC-MD
>
> Problem Description:
>
> A problem exists with openssh's scp program. If a user uses scp to move files
> from a server that has been compromised, the operation can be used to replace
> arbitrary files on the user's system. The problem is made more serious by
> setuid versions of ssh which allow overwriting any file on the local user's
> system. If the ssh program is not setuid or is setuid to someone other than
> root, the intrustion is limited to files with write access granted to the owner
> of the ssh program. In either case, files can be overwritten with code allowing
> others access to the system unexpectedly. While no fix has been provided for
> openssh as of yet, the versions of openssh available for Linux-Mandrake 7.0 and
> 7.1 were setuid root. This update removes the setuid bit from the ssh program
> and limits the exploitability of scp somewhat. All users of Linux-Mandrake are
> encouraged to upgrade to these latest openssh builds. Linux-Mandrake 7.0 users
> will also need to upgrade openssl in order to use the 7.0 update of openssh.
