[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure

From: Tres Seaver <tseaver zope com>
To: fedora-legacy-list lists dulug duke edu
Cc:
Subject: Re: OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
Date: Tue, 07 Dec 2004 16:01:38 -0000

John Dalbec wrote:

Does this affect -Legacy?
04.48.30 CVE: CAN-2003-0190
Platform: Cross Platform
Title: OpenSSH-portable PAM Authentication Remote Information
Disclosure
Description: OpenSSH is an open source implementation of the Secure
Shell protocol. It is vulnerable to a remote information disclosure
issue that allows an attacker to guess valid user names on the target
system. OpenSSH version 3.9p1 is known to be vulnerable.
Ref: http://www.securityfocus.com/advisories/7575

No. RHSA-2003:222-01, issued 2003/07/29, fixed that issue for RH7.1 through RH9.

http://lwn.net/Articles/41641/

Fedora Core 1 was cut after that point.

Tres.
--
===============================================================
Tres Seaver                                tseaver zope com
Zope Corporation      "Zope Dealers"       http://www.zope.com

References:
- OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
  - From: John Dalbec

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]