Re: FreeBSD Security Advisory FreeBSD-SA-10:05.opie



Hello!

2010/5/27 FreeBSD Security Advisories <security-advisories@xxxxxxxxxxx>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-10:05.opie                                       Security Advisory
                                                         The FreeBSD Project
...

IV.  Workaround
No workaround is available, but systems without OPIE capable services
running are not vulnerable.

Wouldn't just commenting out all references to pam_opie* in
/etc/pam.d/* create a viable workaround?

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-10-05/opie.patch
# fetch http://security.FreeBSD.org/patches/SA-10-05/opie.patch.asc

Apparently correct URLs are

# fetch http://security.FreeBSD.org/patches/SA-10:05/opie.patch
# fetch http://security.FreeBSD.org/patches/SA-10:05/opie.patch.asc



--
Sincerely, Dmitry
nic-hdl: LYNX-RIPE
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"