OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
Michal Jaegermann
michal at harddata.com
Tue Dec 7 15:53:55 UTC 2004
On Tue, Dec 07, 2004 at 09:36:11AM -0500, John Dalbec wrote:
> Does this affect -Legacy?
> 04.48.30 CVE: CAN-2003-0190
> Platform: Cross Platform
> Title: OpenSSH-portable PAM Authentication Remote Information
> Disclosure
......
On the first glance this looks like a problem which has the
following entry in a changelog from openssh-3.1p1-14:
* Thu Jun 05 2003 Nalin Dahyabhai <nalin at redhat.com> 3.1p1-7
- backport patch to close timing attacks when PAM authentication is
short-circuited by other checks
At this iime I am not absolutely sure about that.
Michal
More information about the fedora-legacy-list
mailing list