Re: Newest OpenSSH advisory

To: Riku Anttila <rixa@cs.tut.fi>
Cc: debian-security@lists.debian.org
Subject: Re: Newest OpenSSH advisory
From: Ramon Kagan <rkagan@yorku.ca>
Date: Wed, 24 Sep 2003 08:09:18 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.58.0309240808030.8453@centaur.ccs.yorku.ca>
In-reply-to: <[🔎] 3F716016.9030803@cs.tut.fi>
References: <[🔎] 3F716016.9030803@cs.tut.fi>

My understanding and look at the changelog is that there has been a
significant amount of work in the pam components of openssh from version
3.6.x to 3.7x.  It is this new code, that has the vulnerability.

Ramon Kagan
York University, Computing and Network Services
Unix Team -  Senior Unix Systems Administrator
(416)736-2100 #20263
rkagan@yorku.ca

-----------------------------------   ------------------------------------
I have not failed.  I have just	       I don't know the secret to success,
found 10,000 ways that don't work.     but the secret to failure is
				       trying to please everybody.
	- Thomas Edison				- Bill Cosby
-----------------------------------   ------------------------------------

On Wed, 24 Sep 2003, Riku Anttila wrote:

> According to http://www.openssh.com/txt/sshpam.adv there are multiple
> vulnerabilities in the "new PAM code of Portable OpenSSH".
>
> It sounds as if it's limited to versions 3.7p1 and3.7.1p1, but I thought
> I'd ask if anyone knows for a fact that the older version in Woody does
> not have this code.
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- Newest OpenSSH advisory
  - From: Riku Anttila <rixa@cs.tut.fi>

Prev by Date: services installed and running "out of the box"
Next by Date: Re: ProFTPD ASCII File Remote Compromise Vulnerability
Previous by thread: Newest OpenSSH advisory
Next by thread: Re: Newest OpenSSH advisory
Index(es):
- Date
- Thread