in fact, i really don't want to mess up my system.
but untill now, i don't find RPM-based security fix from Fedora Core project.
SecurityFocus.com indicated this security hole in 2003/09/16 :
Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.
in the alternative way, you can download tarball from openssh.org to solve
this problem.
./configure --prefix=/opt
make
make install
modify /etc/rc.d/init.d/sshd :
KEYGEN=/opt/bin/ssh-keygen
SSHD=/opt/sbin/sshd
RSA1_KEY=/opt/etc/ssh_host_key
RSA_KEY=/opt/etc/ssh_host_rsa_key
DSA_KEY=/opt/etc/ssh_host_dsa_key
final, restart your SSHD
訂閱:
張貼留言 (Atom)
沒有留言:
張貼留言