Full Disclosure mailing list archives
Re: Leveraging pam_env to steal DSA keys
From: paul.szabo () sydney edu au
Date: Tue, 31 May 2011 08:48:22 +1000
... http://7bits.nl/projects/pamenv-dsakeys/pamenv-dsakeys.html
Seems to me that CVE-2010-3435 may allow users to determine also: password in /etc/lilo.conf secret in /etc/bind/named.conf /etc/bind/rndc.conf /etc/bind/rndc.key bits of /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key which should all be protected. Cheers, Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Leveraging pam_env to steal DSA keys Peter van Dijk (May 30)
- Re: Leveraging pam_env to steal DSA keys paul . szabo (May 30)
- Re: Leveraging pam_env to steal DSA keys Peter van Dijk (May 30)
- Re: Leveraging pam_env to steal DSA keys paul . szabo (May 31)
- Re: Leveraging pam_env to steal DSA keys Peter van Dijk (May 30)
- Re: Leveraging pam_env to steal DSA keys paul . szabo (May 30)