Just saw this on http://osx.macnn.com/:
The OpenSSH group has has posted a patch for the SSH component included in Mac OS X 10.1.3 that fixes a potentially serious security flaw in the software. According to a Pine Internet Security report, users with an existing account can abuse this bug to gain root privileges. Additionally, a malicious SSH server could take advantage of the bug by exploiting a vulnerable connecting client. Pine rates the potential impact of the security hole to be 'high' if not patched.
I took a look at the "patch". You have to go in and manually swap in the new code. Bleagh! I hope Apple creates their own patch soon, and releases it via SU.
I really hope we don't start seeing a lot of this...I'm getting comfortable with the CLI, but I don't want to have to spend the majority of my time there to keep my system functional.
The OpenSSH group has has posted a patch for the SSH component included in Mac OS X 10.1.3 that fixes a potentially serious security flaw in the software. According to a Pine Internet Security report, users with an existing account can abuse this bug to gain root privileges. Additionally, a malicious SSH server could take advantage of the bug by exploiting a vulnerable connecting client. Pine rates the potential impact of the security hole to be 'high' if not patched.
I took a look at the "patch". You have to go in and manually swap in the new code. Bleagh! I hope Apple creates their own patch soon, and releases it via SU.
I really hope we don't start seeing a lot of this...I'm getting comfortable with the CLI, but I don't want to have to spend the majority of my time there to keep my system functional.