Mandrake Linux Security Advisory : openssh (MDKSA-2001:092)
High Nessus Plugin ID 13905
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThe new OpenSSH 3.0.2 fixes a vulnerability in the UseLogin option. By default, Mandrake Linux does not enable UseLogin, but if the administrator enables it, local users are able to pass environment variables to the login process. This update also fixes a security hole in the KerberosV support that is present in versions 2.9.9 and 3.0.0.
SolutionUpdate the affected packages.