search for: su132patch

...he commercial Data Fellows SSH package and you have a support contract, you can obtain SSH version 1.3.3 from your local retailer. Users without a support contract can obtain a diff file which fixes this problem. This file can be obtained from: http://www.DataFellows.com/f-secure/support/ssh/bug/su132patch.html Workaround: As a temporary workaround, administrators may remove the setuid bit from the SSH binary. This will prevent the attack from working, but will disable a form of authentication documented as rhosts-RSA. For example, if your SSH binary is in the /usr/local/bin directory, the follo...