Re: 3.9p1 is affected by CAN-2003-0190 ?

From: Elikster (elik_at_webspires.com)
Date: 12/16/04

  • Next message: Friedrich Lindenberg: "OpenSSH 3.9p1 hangs after authentication"
    Date: Thu, 16 Dec 2004 11:13:09 -0600
    To: secureshell@securityfocus.com
    
    

    Hello Marco,

       Seems so, but it only affects the SSH if it have PAM authentication enabled in the SSH Configuration. If you don't have PAM enabled within SSH, then it is not exploitable.

    Thursday, December 16, 2004, 8:56:42 AM, you wrote:

    > SecurityFocus has published a "new" vulnerability on 30 Nov 2004,
    > http://www.securityfocus.com/bid/11781
    > that seems to affect also the latest Portable OpenSSH version ,3.9p1.

    > The CVE has assigned the CAN-2003-0190.

    > Is it right ?

    > Thanks

    > Marco

    -- 
    Best regards,
     Elikster                            mailto:elik@webspires.com
    

  • Next message: Friedrich Lindenberg: "OpenSSH 3.9p1 hangs after authentication"