OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure
Tres Seaver
tseaver at zope.com
Tue Dec 7 16:01:38 UTC 2004
John Dalbec wrote:
> Does this affect -Legacy?
> 04.48.30 CVE: CAN-2003-0190
> Platform: Cross Platform
> Title: OpenSSH-portable PAM Authentication Remote Information
> Disclosure
> Description: OpenSSH is an open source implementation of the Secure
> Shell protocol. It is vulnerable to a remote information disclosure
> issue that allows an attacker to guess valid user names on the target
> system. OpenSSH version 3.9p1 is known to be vulnerable.
> Ref: http://www.securityfocus.com/advisories/7575
No. RHSA-2003:222-01, issued 2003/07/29, fixed that issue for RH7.1
through RH9.
http://lwn.net/Articles/41641/
Fedora Core 1 was cut after that point.
Tres.
--
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
More information about the fedora-legacy-list
mailing list