[ale] OpenSSH root vulnerability

Stuffed Crust pizza at shaftnet.org
Fri Mar 8 13:14:28 EST 2002


On Fri, Mar 08, 2002 at 12:42:23PM -0500, John Mills wrote:
> Setup: RH 6.2, gcc-2.91.66 ('vanilla' RH-6.2)
> 
> Only some mirrors have any source of 'portable' openssh-3.1 - I downloaded
> what I found: 'openssh-3.1p1.tar.gz' and unpacked it. 'configure' ran OK,
> but 'make' crashed on:

There aren't "stock" RH 6.2 RPMs, so one has to build their own.  The
problem is that RH6.2 comes with openssl0.9.5a, which doesn't want to
compile cleanly with openssh 3.1.

So, you need to upgrade to a newer versiopn of openssl.
I built openssl 0.9.6b and openssh 3.1; RH 6.2 RPMs are at:

ftp://ftp.shaftnet.org/pub/rpms/redhat-6.2/i386

openssh-3.1p1-1.i386.rpm
openssh-askpass-3.1p1-1.i386.rpm
openssh-askpass-gnome-3.1p1-1.i386.rpm
openssh-clients-3.1p1-1.i386.rpm
openssh-server-3.1p1-1.i386.rpm
openssl095a-0.9.5a-11.i386.rpm
openssl-0.9.6b-8.i386.rpm
openssl-devel-0.9.6b-8.i386.rpm
openssl-perl-0.9.6b-8.i386.rpm

Enjoy.

 - Pizza
-- 
Solomon Peachy                                    pizzaATfucktheusers.org
I ain't broke, but I'm badly bent.                           ICQ# 1318344
Patience comes to those who wait.
    ...It's not "Beanbag Love", it's a "Transanimate Relationship"...

 PGP signature




More information about the Ale mailing list