Hallo! * Martin Schmitt wrote/schrieb: > Hier ist das Security-Advisory von Debian.
Evtl. Hilft dir das: when OpenSSH's sshd(8) is running with priv separation, the bug cannot be exploited. OpenSSH 3.3p was released a few days ago, with various improvements but in particular, it significantly improves the Linux and Solaris support for priv sep. However, it is not yet perfect. Compression is disabled on some systems, and the many varieties of PAM are causing major headaches. However, everyone should update to OpenSSH 3.3 immediately, and enable priv separation in their ssh daemons, by setting this in your /etc/ssh/sshd_config file: UsePrivilegeSeparation yes Depending on what your system is, privsep may break some ssh functionality. However, with privsep turned on, you are immune from at least one remote hole. Gru� //Robert -- ,-----------------------------------------------------------------------------. > Robert Weissgraeber | The squeaky wheel doesn't always get the grease. < > [EMAIL PROTECTED] | Sometimes it gets replaced. < `-----------------------------------------------------------------------------' ---------------------------------------------------------------------------- PUG - Penguin User Group Wiesbaden - http://www.pug.org
