SEO

After installing CSSA-2003-SCO.24, I am getting the following error:

> The status from the Policy Management Daemon (/etc/sco_pmd) indicates
> that a serious error condition has occurred. Login is allowed on the
> override device, and the system administrator is strongly advised to
> consult the SCO online Support Solutions Library (SSL) for assistance.
> If the SSL is inaccessible, please contact your SCO Support representative.

Then the login session is closed. This happens when anyone other than
root attempts to login via ssh. telnet is not affected.

Does anyone have any ideas?

"David Rosenberger" <david.rosenberger2@lgeenergy.com> wrote in message
news:tf08ovo9v8nc9r30ejcbh6v2v6mddqt0hf@4ax.com...
> After installing CSSA-2003-SCO.24, I am getting the following error:
>
> > The status from the Policy Management Daemon (/etc/sco_pmd) indicates
> > that a serious error condition has occurred. Login is allowed on the
> > override device, and the system administrator is strongly advised to
> > consult the SCO online Support Solutions Library (SSL) for assistance.
> > If the SSL is inaccessible, please contact your SCO Support
representative.
>
> Then the login session is closed. This happens when anyone other than
> root attempts to login via ssh. telnet is not affected.
>
> Does anyone have any ideas?

Same problem. Had only tested after installation with root access via PuTTy,
as only need sporadic off-site access.

Identical behavior occurs with PuTTY v 0.53b and Cygwin ssh
client(OpenSSH_3.7.1p2).

Software Manager verifies the new OpenSSH package without any file
discrepencies.

I haven't tried uninstalling and trying to build the OpenSSH package from
the OpenSSh web site yet. Has anyone done that, and does the same problem
occur?

David P. Lurie

David P. Lurie typed (on Wed, Oct 08, 2003 at 04:35:25PM +0000):
| "David Rosenberger" <david.rosenberger2@lgeenergy.com> wrote in
| message news:tf08ovo9v8nc9r30ejcbh6v2v6mddqt0hf@4ax.com...
| > After installing CSSA-2003-SCO.24, I am getting the following error:
| >
| > > The status from the Policy Management Daemon (/etc/sco_pmd)
| > > indicates that a serious error condition has occurred. Login
| > > is allowed on the override device, and the system administrator
| > > is strongly advised to consult the SCO online Support Solutions
| > > Library (SSL) for assistance. If the SSL is inaccessible, please
| > > contact your SCO Support representative.
| >
| > Then the login session is closed. This happens when anyone other
| > than root attempts to login via ssh. telnet is not affected.
| >
| > Does anyone have any ideas?
|
| Same problem. Had only tested after installation with root access via
| PuTTy, as only need sporadic off-site access.
|
| Identical behavior occurs with PuTTY v 0.53b and Cygwin ssh
| client(OpenSSH_3.7.1p2).
|
| Software Manager verifies the new OpenSSH package without any file
| discrepencies.
|
| I haven't tried uninstalling and trying to build the OpenSSH package
| from the OpenSSh web site yet. Has anyone done that, and does the same
| problem occur?

Which rock have you been hiding under? I've posted quite a bit about my
build of OpenSSH in the last fortnight.

My OSR 5 SSH (at ftp.jpr.com) packages are built from the same OpenSSH
source as CSSA-2003-SCO.24, but uses a more recent OpenSSL source tree
than does CSSA-2003-SCO.24.

Neither on OSR 5.0.5, 5.0.6, or 5.07 do my binaries show any error like
the one cited, whether accessed by a Unix ssh client or the ones in Anzio
v. 15.

--
JP

I tried all morning (10/8) to get to JPR's ftp site to no avail. Was
it down? Is it mirrored?

george.bush@visto.com typed (on Wed, Oct 08, 2003 at 04:49:05PM -0500):

| I tried all morning (10/8) to get to JPR's ftp site to no
| avail. Was it down? Is it mirrored?

When you post to this newsgroup, please don't give us
useless summaries like "tried ... to no avail". Post the
exact command you used, and what then appeared on your
screen.

I say that because many of us might think of using our
crystal balls instead of guessing what you might have typed,
but we can't, the Dept. of Homeland Security having disabled
all U.S. crystal balls this year.

OTOH, if my ftp server has political leanings that would
preclude access by anyone whose name appears to be
"george.bush", then I need to re-examine wu-ftpd source code
carefully to eliminate any such perverse bias.

Logged in on a foreign computer, I can perfectly well
type 'ftp ftp.jpr.com' and bring up my own ftp server.
Furthermore, /var/adm/xferlog shows ftp transfers succeeded
from ftp.jpr.com at 2:26, 8:49, and 11:36 on Oct. 8.

--
JP

I had actually downloaded both the OpenSSH source tarball and your
openssh4osr507.tar.bz2 on 9/26.

SCO had released the patch installable with Software Manager by the time
that I was able to proceed.

My interpretation of your README and RE-INSTALL is that installation of your
patch over SCO's 3.7.1p2 patch should use the fresh installation approach.
Is that correct?

I found a slightly different copy of your patch file tonight on your FTP
site, with a size of 869KB (10/1/03) vs 863KB (9/26/03). What is the
difference? I was planning to ftp the new file to the server and try it.

Thanks,

David P. Lurie

David P. Lurie typed (on Wed, Oct 08, 2003 at 10:07:04PM -0400):
| I had actually downloaded both the OpenSSH source tarball and your
| openssh4osr507.tar.bz2 on 9/26.
|
| SCO had released the patch installable with Software Manager by the time
| that I was able to proceed.
|
| My interpretation of your README and RE-INSTALL is that installation of your
| patch over SCO's 3.7.1p2 patch should use the fresh installation approach.
| Is that correct?

My tarball installs everything in entirely different locations than
the SCO paths. So you do not install my binaries "over" SCO's, but
alongside them.

| I found a slightly different copy of your patch file tonight on your FTP
| site, with a size of 869KB (10/1/03) vs 863KB (9/26/03). What is the
| difference? I was planning to ftp the new file to the server and try it.

Gee, why should you only notice that today? When I created a newer
version, I did mention it in this newsgroup.

There was a change on Open SSL on 9/30. Use only the latest...

--
JP

On Wed, Oct 08, 2003 at 10:07:04PM -0400, David P. Lurie wrote:
> I had actually downloaded both the OpenSSH source tarball and your
> openssh4osr507.tar.bz2 on 9/26.
>
> SCO had released the patch installable with Software Manager by the time
> that I was able to proceed.

FYI, just came across this in the SCO CSSA-2003-SCO.24/README download
where the vols out to be, dated last night:

"There is a problem with this fix for certain configurations. We are
working on a fix."

--- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ---
-Joe Chasan- Magnatech Business Systems, Inc.
joe@magnatechonline.com Hicksville, NY - USA
http://www.MagnatechOnline.com Tel.(516) 931-4444/Fax.(516) 931-1264

David Rosenberger <david.rosenberger2@lgeenergy.com> wrote in message news:<tf08ovo9v8nc9r30ejcbh6v2v6mddqt0hf@4ax.com>. ..
> After installing CSSA-2003-SCO.24, I am getting the following error:
>
> > The status from the Policy Management Daemon (/etc/sco_pmd) indicates
> > that a serious error condition has occurred. Login is allowed on the
> > override device, and the system administrator is strongly advised to
> > consult the SCO online Support Solutions Library (SSL) for assistance.
> > If the SSL is inaccessible, please contact your SCO Support representative.
>
> Then the login session is closed. This happens when anyone other than
> root attempts to login via ssh. telnet is not affected.
>
> Does anyone have any ideas?

All,

We have a bug in CSSA-2003-SCO.24. We are working to fix it and will
re-release the security fix once the fix is implemented.

Thanks for bring this to my attention.

John

> Logged in on a foreign computer, I can perfectly well
> type 'ftp ftp.jpr.com' and bring up my own ftp server.
> Furthermore, /var/adm/xferlog shows ftp transfers succeeded
> from ftp.jpr.com at 2:26, 8:49, and 11:36 on Oct. 8.

Yup!! but you know the user ID and the access pwd.