OpenSSH: multiple vulnerabilities in the new PAM code
Dag-Erling Smørgrav
des at des.no
Wed Sep 24 12:00:19 PDT 2003
Michael Sierchio <kudzu at tenebras.com> writes:
> This affects only 3.7p1 and 3.7.1p1. The advice to leave
> PAM disabled is far from heartening, nor is the semi-lame
> blaming the PAM spec for implementation bugs.

They have their axe to grind.

The PAM spec is not to be blamed; although the spec is remarkably
unclear on some points related to the offending code, the fault for
the bug is entirely mine.

In the meantime, it is important to point out that privilege
separation (which is on by default in FreeBSD) prevents exploitation
of the first bug, and that there is no known way to exploit the second
bug.

It is also important to point out that the second bug is not directly
PAM-related. The bug is in a common portion of the ssh1 kbdint
code; it just so happens that the PAM code is the only kbdint device
which triggers it. And it just so happens that I wrote those few
lines as well :(
DES
--
Dag-Erling Smørgrav - des at des.no