Home page logo

oss-sec logo oss-sec mailing list archives

Re: FreeBSD 4.x OpenSSH/libopie remote root hole
From: Solar Designer <solar () openwall com>
Date: Tue, 5 Jul 2011 09:49:19 +0400

On Mon, Jul 04, 2011 at 09:24:45PM -0700, Colin Percival wrote:
I haven't had time to investigate, in part because I don't have any systems
running that ancient openssh any more.  I'm interested to hear if anyone has
tracked down exactly where the bug was, though.

Thanks for your reply.

Since I also have other uses for my time, would anyone else investigate,
please?  I'd appreciate it.  Perhaps install FreeBSD 4.x into a VM.
Sounds like fun for someone who has time.

I don't think the bug is in OpenSSH per se, nor in FreeBSD 4's PAM (my
understanding is that it was cut-down Linux-PAM at the time, which was
replaced with OpenPAM in 5.x), nor in pam_opie.  libopie sounds more
plausible.  But I could be wrong.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]