I got this from /. It is a root exploit in the
wild....
Subject: OpenSSH 3.7 released
Date: Tue, 16 Sep 2003 14:07:00 +0200
From: Markus Friedl
To: openssh-unix-dev _at_ mindrot.org
OpenSSH 3.7 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.
We have a new design of T-shirt available, more info on
http://www.openbsd.org/tshirts.html#18
For international orders use http://https.openbsd.org/cgi-bin/order and
for European orders, use http://https.openbsd.org/cgi-bin/order.eu
Security Changes:
All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is potentially
exploitable, however, we prefer to see bugs fixed proactively.
--
thanks,
Danny G Smith
---------------------------------------------------------
Crystallography Core Computer Manager / Sr UNIX Sys Adm
---------------------------------------------------------
Crystallography Dept Oklahoma Medical Research Foundation
phone(405)271-8954 fax(405)271-7953 dept(405)271-1672
=========================================================
UNIX air conditioned environment, keep the windows closed