[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure

From: Matthew Miller <mattdm mattdm org>
To: marcus lauer nyu edu, Discussion of the Fedora Legacy Project <fedora-legacy-list redhat com>
Cc:
Subject: Re: OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
Date: Tue, 7 Dec 2004 17:44:06 -0500

On Tue, Dec 07, 2004 at 05:21:30PM -0500, Marcus Lauer wrote:
>         I do hope that somebody fixes this, though.  Any bug which
> allows a dictionary attack on the root account, unlikely as it is to
> work, is still surely a bad thing.

If you're worried about that, and this _is_ the earlier issue, I believe
there's a simple workaround: use the 'nodelay' flag to pam_unix.



-- 
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>

References:
- OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
  - From: John Dalbec
- Re: OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
  - From: Michal Jaegermann
- Re: OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
  - From: Matthew Miller
- Re: OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
  - From: Marcus Lauer

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]