Re: FreeBSD 4.x OpenSSH/libopie remote root hole
From: Solar Designer <solar () openwall com>
Date: Tue, 5 Jul 2011 09:49:19 +0400
On Mon, Jul 04, 2011 at 09:24:45PM -0700, Colin Percival wrote:
> I haven't had time to investigate, in part because I don't have any systems
> running that ancient openssh any more. I'm interested to hear if anyone has
> tracked down exactly where the bug was, though.
Thanks for your reply.
Since I also have other uses for my time, would anyone else investigate,
please? I'd appreciate it. Perhaps install FreeBSD 4.x into a VM.
Sounds like fun for someone who has time.
I don't think the bug is in OpenSSH per se, nor in FreeBSD 4's PAM (my
understanding is that it was cut-down Linux-PAM at the time, which was
replaced with OpenPAM in 5.x), nor in pam_opie. libopie sounds more
plausible. But I could be wrong.