Re: OpenSSL patch applied and now locked out of machine.

From: Kris Kennaway (kris@obsecurity.org)
Date: 07/31/01 

Date: Mon, 30 Jul 2001 18:30:39 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Hank Wethington <bsd@info-logix.com>

On Mon, Jul 30, 2001 at 06:25:07PM -0700, Hank Wethington wrote:
> As I can't see the error OpenSSH is giving (at least until I get to the
> machine tonight), I can only say I'm getting a invalid password response
> from my attempts to SSH into the machine. Also, vpopmail gives an invalid
> password response as well. I will hopefully post more after I've seen the
> machine.
>
> To give a tad more info, the initial release of the update stated that the
> directory was /usr/src/lib/libcrypto/ however the true directory was
> /usr/src/secure/lib/libcrypto/
>
> As is the case with another user, I initially did the make depend && make
> all install in the /usr/src/lib/libcrypt/ dir. Since the other user is
> having a similar issue, perhaps they are related. I won't be to the machine
> until 10p PDT, so I won't have any more info.

Aha..if you did this, you installed a libcrypt which can't handle DES
passwords. The DES-capable library (under 4.3 and earlier, this has
been changed in 4.3-STABLE) is under secure/lib/libcrypt.

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message