# OpenSSH root exploit

## Target

A vulnerablility with Kerberos and AFS was found in OpenSSH, which afaik is enabled by default in Gentoo:

http://linux.oreillynet.com/pub/a/linux/2002/04/29/insecurities.html#openssh

The version in portage is 3.1_pr1-r2, which appears to be locally vulnerable. Does this apply to us? If so, we could probably use a new ebuild ASAP.

----------

## pjp

How does one determine if this affects them?  I have no use for openssh, so I'd just prefer to not have it running.

EDIT:  Found this http://www.gentoo.org/news/20020307-nvidia.html

Seems like I've noticed that before, so it may have been fixed for a while now.

----------

## Target

That's a relief, then. They must have simply installed the patch.

----------

