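Source: OpenSSH mailing list
A bug has been reported in OpenSSH 3.0.2 and earlier that allows a user to gain root privileges.
If you run the OpenSSH service, apply the patch right away or install the new version. The mailing list message follows.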
OpenSSH 3.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support and encouragement.
Important Changes:
==================
- /etc/ssh/ now default directory for keys and configuration files
- ssh-keygen no longer defaults to a specific key type (rsa1);
  use ssh-keygen -t {rsa,dsa,rsa1}
- sshd x11 forwarding listens on localhost by default;
  see sshd X11UseLocalhost option to revert to prior behaviour
  if your older X11 clients do not function with this configuration
Other Changes:
==============
- ssh ~& escape char functions now for both protocol versions
- sshd ReverseMappingCheck option changed to VerifyReverseMapping
  to clarify its function; ReverseMappingCheck can still be used
- public key fingerprint is now logged with LogLevel=VERBOSE
- reason logged for disallowed logins (e.g., no shell, etc.)
- more robust error handling for x11 forwarding
- improved packet/window size handling in ssh2
- use of regex(3) has been removed
- fix SIGCHLD races in sshd (seen on Solaris)
- sshd -o option added
- sftp -B -R -P options added
- ssh-add now adds all 3 default keys
- ssh-keyscan bug fixes
- ssh-askpass for hostkey dialog
- fix fd leak in sshd on SIGHUP
- TCP_NODELAY set on X11 and TCP forwarding endpoints
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
_______________________________________________
openssh-unix-announce@mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-announce
Related link: http://www.openssh.com
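To find hosts that still need the upgrade described above, the following added example (not part of the original post or the OpenSSH announcement) parses SSH identification strings and flags OpenSSH releases older than 3.1. The host names and banner strings in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import re

# Threshold from the post: 3.0.2 and earlier are affected, 3.1 is the new release.
FIXED = (3, 1, 0)

# SSH identification string: SSH-<protoversion>-<softwareversion>[ <comments>]
_BANNER = re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<software>\S+)")
# OpenSSH software version, e.g. OpenSSH_3.0.2p1 (the "p1" portable suffix is ignored)
_OPENSSH = re.compile(r"^OpenSSH[_-](\d+)\.(\d+)(?:\.(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, patch) for an OpenSSH banner, or None otherwise."""
    m = _BANNER.match(banner.strip())
    if not m:
        return None
    v = _OPENSSH.match(m.group("software"))
    if not v:
        return None
    # A missing third component (e.g. "3.1") is treated as patch level 0.
    return tuple(int(x) if x else 0 for x in v.groups())


def classify(banner):
    """Return 'upgrade', 'ok', or 'unknown' for one identification string."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"  # not OpenSSH, or not a valid identification string
    # Tuple comparison is numeric, so 3.10 sorts after 3.1 and 2.9 before 3.0.
    return "upgrade" if version < FIXED else "ok"


def audit(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "host-a": "SSH-1.99-OpenSSH_3.0.2p1",
    "host-b": "SSH-2.0-OpenSSH_3.1p1",
    "host-c": "SSH-1.99-OpenSSH_2.9p2",
    "host-d": "SSH-2.0-ExampleServer_1.0",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

A banner only reports the advertised version, so a host running a vendor package with a backported fix can still be listed as `upgrade` and should be confirmed against the package changelog.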