Bugtraq: Re: OpenSSH/PAM timing attack allows remote users identification

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: OpenSSH/PAM timing attack allows remote users identification

From: Michael Shigorin <mike () osdn org ua>
Date: Fri, 2 May 2003 16:15:59 +0300

On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:

NOTE. FreeBSD uses both a different PAM implementation and a
different PAM support in OpenSSH: it doesn't seem to be
vulnerable to this particular timing leak issue.


Are you talking of CURRENT branch?  4.x use linux-PAM as well.

-- 
 ---- WBR, Michael Shigorin <mike () altlinux ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

Attachment: _bin
Description:

By Date By Thread

Current thread:

Re: OpenSSH/PAM timing attack allows remote users identification, (continued)
- Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 05)
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification ilja van sprundel (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Thilo Schulz (May 02)
  - Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Michael Shigorin (May 02)
  - Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Karl-Heinz Haag (May 02)