Re: OpenSSH: multiple vulnerabilities in the new PAM code

• Previous message: Sheldon Hearn: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• In reply to: Sheldon Hearn: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• Next in thread: D J Hawkey Jr: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• Reply: D J Hawkey Jr: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• Reply: Michael Sierchio: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 24 Sep 2003 09:20:15 -0500
To: Sheldon Hearn <sheldonh@starjuice.net>

On Wed, Sep 24, 2003 at 11:16:03AM +0200, Sheldon Hearn wrote:
> On (2003/09/23 16:53), Haesu wrote:
>
> > Oh jee, here we go again. Hey, at least patched 3.5p1 on FreeBSD
> > 4.8/4.9 are not effected :)
>
> Since -CURRENT's using a modified OpenSSH_3.6.1p1, I don't think this
> issue affects FreeBSD at all.

Unfortunately, it _does_ affect us. The PAM code in OpenSSH 3.7x was
taken from FreeBSD's PAM code. des@ is working the issue now.

Cheers,

-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Sheldon Hearn: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• In reply to: Sheldon Hearn: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• Next in thread: D J Hawkey Jr: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• Reply: D J Hawkey Jr: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• Reply: Michael Sierchio: "Re: OpenSSH: multiple vulnerabilities in the new PAM code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: OpenSSH: multiple vulnerabilities in the new PAM code ... On Sep 24, at 09:20 AM, Jacques A. Vidrine wrote: ... >> issue affects FreeBSD at all. ... > taken from FreeBSD's PAM code. ... des@ is working the issue now. ... (FreeBSD-Security) Re: OpenSSH: multiple vulnerabilities in the new PAM code ... >> taken from FreeBSD's PAM code. ... > FreeBSD releases also vulnerable? ... I'm only talking about the base system OpenSSH above (which is based ... Ports Collection are likely affected, as they contain the same code ... (FreeBSD-Security) Re: OpenSSH: multiple vulnerabilities in the new PAM code ... > taken from FreeBSD's PAM code. ... des@ is working the issue now. ... Jacques, Dag-Erling - ... (FreeBSD-Security)