OpenSSH: multiple vulnerabilities in the new PAM code
Jacques A. Vidrine
nectar at FreeBSD.org
Wed Sep 24 07:20:19 PDT 2003
On Wed, Sep 24, 2003 at 11:16:03AM +0200, Sheldon Hearn wrote:
> On (2003/09/23 16:53), Haesu wrote:
>
> > Oh jee, here we go again. Hey, at least patched 3.5p1 on FreeBSD
> > 4.8/4.9 are not effected :)
>
> Since -CURRENT's using a modified OpenSSH_3.6.1p1, I don't think this
> issue affects FreeBSD at all.
Unfortunately, it _does_ affect us. The PAM code in OpenSSH 3.7x was
taken from FreeBSD's PAM code. des@ is working the issue now.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
More information about the freebsd-security
mailing list