I got this from /.  It is a root exploit in the wild....


Subject: OpenSSH 3.7 released
Date: Tue, 16 Sep 2003 14:07:00 +0200
From: Markus Friedl
To: openssh-unix-dev _at_ mindrot.org

OpenSSH 3.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters.

We have a new design of T-shirt available, more info on http://www.openbsd.org/tshirts.html#18

For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Security Changes:

    All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively.
--
thanks,
Danny G Smith

---------------------------------------------------------
Crystallography Core Computer Manager / Sr UNIX Sys Adm
---------------------------------------------------------
Crystallography Dept Oklahoma Medical Research Foundation
phone(405)271-8954   fax(405)271-7953   dept(405)271-1672
=========================================================
UNIX air conditioned environment, keep the windows closed