Home page logo

bugtraq logo Bugtraq mailing list archives

Re: OpenSSH/PAM timing attack allows remote users identification
From: Michael Shigorin <mike () osdn org ua>
Date: Fri, 2 May 2003 16:15:59 +0300

On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:
NOTE. FreeBSD uses both a different PAM implementation and a
different PAM support in OpenSSH: it doesn't seem to be
vulnerable to this particular timing leak issue.

Are you talking of CURRENT branch?  4.x use linux-PAM as well.

 ---- WBR, Michael Shigorin <mike () altlinux ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]