[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenSSH and PAM



On Wed, Jul 10, 2002 at 11:11:18AM -0400, Matt Miller wrote:
>     
> I am running OpenSSH 3.1p1. I did read that the new version of ssh will
> break PAM if "UsePrivilegeSeparation" is set to "yes" in the

correct it will, and your version has a exploitable root hole in the
PAM keyboard interactive bits.

unfortunatly you get to choose exploitable root hole or no properly
working passwd expiration in ssh at this point. (passwds will expire
and ssh will honor that by happily denying access, giving no
opertunity to pick a new password).

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp00003.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []