Full Disclosure mailing list archives
Re: OpenSSH - System Account Enumeration if S/Key is used
From: Nico Golde <fd () ngolde de>
Date: Wed, 25 Apr 2007 18:34:28 +0200
Hi, * rembrandt <rembrandt () helith org> [2007-04-21 02:57]: [...]
Author: Rembrandt
Date: Known since somewhere in 2005
Affected Software: OpenSSH 4.6 <=
Proppably everything which is based on OpenSSH
Type: Remote
Type: Enumeration of system accounts
[...] This is bogus and old, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279 for example (5 years old. But opie not that cool nonetheless, for example there is an off-by-one in accessfile.c Kind regards Nico -- Nico Golde - JAB: nion () jabber ccc de | GPG: 0x73647CFF Forget about that mouse with 3/4/5 buttons - gimme a keyboard with 103/104/105 keys!
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OpenSSH - System Account Enumeration if S/Key is used rembrandt (Apr 20)
- Re: OpenSSH - System Account Enumeration if S/Key is used Stanislaw Klekot (Apr 24)
- Re: OpenSSH - System Account Enumeration if S/Key is used Brian Eaton (Apr 24)
- Re: OpenSSH - System Account Enumeration if S/Key is used rembrandt (Apr 24)
- Re: OpenSSH - System Account Enumeration if S/Key is used Nico Golde (Apr 25)
- Re: OpenSSH - System Account Enumeration if S/Key is used Knud Erik Højgaard (Apr 25)
- Re: OpenSSH - System Account Enumeration if S/Key is used Kradorex Xeron (Apr 25)
- Re: OpenSSH - System Account Enumeration if S/Key is used Knud Erik Højgaard (Apr 25)
- Re: OpenSSH - System Account Enumeration if S/Key is used Stanislaw Klekot (Apr 24)