Bug#212463: pam security problem in OpenSSH again?

To: submit@bugs.debian.org
Subject: Bug#212463: pam security problem in OpenSSH again?
From: Brian Ristuccia <brian@ristuccia.com>
Date: Tue, 23 Sep 2003 17:00:07 -0400
Message-id: <[🔎] 20030923210007.GE19245@osiris.978.org>
Reply-to: Brian Ristuccia <brian@ristuccia.com>, 212463@bugs.debian.org

Package: ssh
Version: 1:3.4p1-1.woody.3
Serverity: grave

Looks like there's some serious security problem in the PAM implementation.
There's been a lot of changes in this area after 1.3.6, so it's not clear if
the version Debian is distributing are affected. Someone, either the
security team or the package maintainer, should have a look.

http://www.securityfocus.com/archive/121/338616
http://www.securityfocus.com/archive/121/338617

-- 
Brian Ristuccia
brian@ristuccia.com
bristucc@cs.uml.edu

Reply to:

Follow-Ups:
- Bug#212463: marked as done (pam security problem in OpenSSH again?)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#211640: ssh: contains unlicensed Internet-Draft in /usr/share/doc/ssh/RFC.gz
Next by Date: Bug#211434: failure notice
Previous by thread: Bug#187558: ssh: log output of pam_limits.so in debug mode
Next by thread: Bug#212463: marked as done (pam security problem in OpenSSH again?)
Index(es):
- Date
- Thread