OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
Matthew Miller
mattdm at mattdm.org
Tue Dec 7 22:44:06 UTC 2004
On Tue, Dec 07, 2004 at 05:21:30PM -0500, Marcus Lauer wrote:
> I do hope that somebody fixes this, though. Any bug which
> allows a dictionary attack on the root account, unlikely as it is to
> work, is still surely a bad thing.
If you're worried about that, and this _is_ the earlier issue, I believe
there's a simple workaround: use the 'nodelay' flag to pam_unix.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-legacy-list
mailing list