[2579] in Release_7.7_team

home help back first fref pref prev next nref lref last post

Re: Emergency Athena 8.4.20 patch release right now

daemon@ATHENA.MIT.EDU (Christine Moulen)
Fri Feb 9 09:25:11 2001

Message-Id: <4.2.2.20010209092023.02f3b5c0@po11.mit.edu>
Date: Fri, 09 Feb 2001 09:25:06 -0500
To: release-team@mit.edu
From: Christine Moulen <orbitee@MIT.EDU>
In-Reply-To: <200102090332.WAA05790@egyptian-gods.MIT.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

Would you know where I can get non-Athena-specific information on this 
security hole?  We have a couple of non-Athena Solaris servers running 
sshd, and I run sshd on a Linux machine at home.  I don't know whether 
they'd be affected.
Thanks

At 10:32 PM 2/8/01 -0500, you wrote:
>Hi.  A remotely exploitable security hole was recently found in the
>version of sshd we use on Athena.  To address this issue, we've
>put out an emergency patch release to update sshd.
>
>If you have an AUTOUPDATE=false machine and want to take the patch
>release manually after it goes out, do a console login as root and run
>"update_ws".
>
>If you have a machine which runs sshd and cannot conveniently take the
>update, or a layered Linux machine, you can manually update your sshd
>binary by logging in as root and doing the following:
>
>         ON SOLARIS OR IRIX:
>
>                 cp /srvd/etc/athena/sshd /etc/athena/sshd.new
>                 mv /etc/athena/sshd.new /etc/athena/sshd
>                 # Reboot if reasonable; otherwise restart sshd:
>                 kill `cat /var/athena/sshd.pid`
>                 sshd
>
>         ON LINUX:
>
>                 rpm -U 
> /afs/athena.mit.edu/system/rhlinux/athena-8.4/free/RPMS/athena-ssh-8.4-20. 
> i386.rpm
>                 # Reboot if reasonable; otherwise restart sshd:
>                 kill `cat /var/athena/sshd.pid`
>                 sshd
>
>If you have an Athena 8.3 or earlier machine which runs sshd, please
>disable sshd for now (set SSHD=false in /etc/athena/rc.conf and "kill
>`cat /var/athena/sshd.pid`") and contact us if you need further
>support.
>
>Please send questions or comments to release-team@mit.edu.


Christine Moulen
Library Systems Manager
MIT Libraries, 14-0615
617-253-0757, fax 617-253-8894
orbitee@mit.edu
home help back first fref pref prev next nref lref last post