OpenSSH: multiple vulnerabilities in the new PAM code
D J Hawkey Jr
hawkeyd at visi.com
Wed Sep 24 07:27:30 PDT 2003
On Sep 24, at 09:20 AM, Jacques A. Vidrine wrote:
>
> On Wed, Sep 24, 2003 at 11:16:03AM +0200, Sheldon Hearn wrote:
> > On (2003/09/23 16:53), Haesu wrote:
> >
> > > Oh jee, here we go again. Hey, at least patched 3.5p1 on FreeBSD
> > > 4.8/4.9 are not effected :)
> >
> > Since -CURRENT's using a modified OpenSSH_3.6.1p1, I don't think this
> > issue affects FreeBSD at all.
>
> Unfortunately, it _does_ affect us. The PAM code in OpenSSH 3.7x was
> taken from FreeBSD's PAM code. des@ is working the issue now.
But just "portable", right? Or are any "core" OpenSSHes across various
FreeBSD releases also vulnerable?
Thanks,
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd at visi.com /\________________/
http://www.visi.com/~hawkeyd/
More information about the freebsd-security
mailing list