OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
Marc Deslauriers
marcdeslauriers at videotron.ca
Wed Dec 8 01:03:01 UTC 2004
On Tue, 2004-12-07 at 17:21 -0500, Marcus Lauer wrote:
> I do hope that somebody fixes this, though. Any bug which
> allows a dictionary attack on the root account, unlikely as it is to
> work, is still surely a bad thing.
>
The dictionary attack that this bug allows only works if you put
"PermitRootLogin" to "no" in the sshd config file.

Here is a good description of the problem from Red Hat's bugzilla:

With openssh configured to not allow remote root login
(file: /etc/ssh/sshd_config, PermitRootLogin no), an attempt to log
in remotely as root with the wrong password results in a 3 second
delay followed by:

Permission denied, please try again.

If the correct password is entered, there is no delay before
presenting the message:

Permission denied, please try again.

An attacker could measure the time between rejections with an attack
tool and determine the root password.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141642

I don't think the changelog entry Michal posted earlier has anything to do with this bug, so it should definitely go into bugzilla.

Marc.
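
Added example, not part of the original message and not OpenSSH's code: a C model of the behaviour the quoted Bugzilla report describes, next to one way to make the rejection timing uniform. The function names, the constructed sample password and the order of checks in the hardened variant are assumptions made for illustration; delays are returned as numbers rather than slept.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FAIL_DELAY_MS 3000   /* the 3 second delay quoted in the report */
static const char *STORED = "constructed-secret";   /* constructed sample value */

struct result { bool accepted; int delay_ms; };

/* Stand-in for the PAM password check: a failed check costs the fail delay. */
static bool check_password(const char *pw, int *delay_ms) {
    bool ok = strcmp(pw, STORED) == 0;   /* model only, not a constant-time compare */
    if (!ok) *delay_ms += FAIL_DELAY_MS;
    return ok;
}

/* Behaviour described in the report: the password is checked first and the
 * PermitRootLogin policy is applied afterwards, so a correct password is
 * rejected without the delay. */
struct result auth_reported(const char *pw, bool permit_root) {
    struct result r = { false, 0 };
    bool ok = check_password(pw, &r.delay_ms);
    r.accepted = ok && permit_root;
    return r;
}

/* Hardened model (assumed design): when policy already forbids the login,
 * the supplied password is never evaluated and every attempt takes the
 * same failure path with the same delay. */
struct result auth_hardened(const char *pw, bool permit_root) {
    struct result r = { false, permit_root ? 0 : FAIL_DELAY_MS };
    if (permit_root) r.accepted = check_password(pw, &r.delay_ms);
    return r;
}

/* True when two rejections differ in timing for a right and a wrong password. */
bool timing_reveals_password(struct result (*auth)(const char *, bool), bool permit_root) {
    struct result good = auth(STORED, permit_root);
    struct result bad = auth("wrong-guess", permit_root);
    return !good.accepted && !bad.accepted && good.delay_ms != bad.delay_ms;
}

int main(void) {
    printf("reported: %d hardened: %d\n", timing_reveals_password(auth_reported, false),
           timing_reveals_password(auth_hardened, false));
    return 0;
}
```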
More information about the fedora-legacy-list mailing list