Date: Wed, 24 Sep 2003 21:00:12 +0200
From: des@des.no (Dag-Erling Smørgrav)
To: Michael Sierchio <kudzu@tenebras.com>
Cc: security@freebsd.org
Subject: Re: OpenSSH: multiple vulnerabilities in the new PAM code
Message-ID: <xzp7k3ym2pv.fsf@dwp.des.no>
In-Reply-To: <3F705D4D.4070404@tenebras.com> (Michael Sierchio's message of "Tue, 23 Sep 2003 07:48:45 -0700")
References: <3F705D4D.4070404@tenebras.com>

Michael Sierchio <kudzu@tenebras.com> writes:
> This affects only 3.7p1 and 3.7.1p1. The advice to leave
> PAM disabled is far from heartening, nor is the semi-lame
> blaming the PAM spec for implementation bugs.

They have their axe to grind. The PAM spec is not to be blamed; although the spec is remarkably unclear on some points related to the offending code, the fault for the bug is entirely mine.

In the meantime, it is important to point out that privilege separation (which is on by default in FreeBSD) prevents exploitation of the first bug, and that there is no known way to exploit the second bug.

It is also important to point out that the second bug is not directly PAM-related. The bug is in a common portion of the ssh1 kbdint code; it just so happens that the PAM code is the only kbdint device which triggers it. And it just so happens that I wrote those few lines as well :(

DES
-- 
Dag-Erling Smørgrav - des@des.no