Security Incidents mailing list archives

Bug#137492: PAM pam_set_item: NULL pam handle passed


From: Matt Zimmerman <mdz () debian org>
Date: Sat, 9 Mar 2002 12:21:24 -0500

Package: ssh
Version: 1:3.0.2p1-8
Severity: normal

On Sat, Mar 09, 2002 at 12:06:46PM -0500, Matt Zimmerman wrote:

> Yes, this is pretty much what I assumed...I would like to track down why
> this is happening, and send a good bug report to the OpenSSH folks, but I
> can't reproduce the problem, and probably won't have the time to fiddle
> with it too much.  It may only happen when the client does something
> specific, that the client from my version of OpenSSH will not do, even
> under the same circumstances.

Well, scratch that, it turns out that it's actually quite easy to reproduce.
The key bits are:

- v1 protocol
- public key authentication
- illegal user

The bug only surfaces when all of these are active.  For example:

ssh -1 -i some-v1-key nonexistentuser@localhost

will do it every time.

--

Versions of packages ssh depends on:
ii  debconf                       1.0.31     Debian configuration management sy
ii  libc6                         2.2.5-3    GNU C Library: Shared libraries an
ii  libpam-modules                0.72-35    Pluggable Authentication Modules f
ii  libpam0g                      0.72-35    Pluggable Authentication Modules l
ii  libssl0.9.6                   0.9.6c-1   SSL shared libraries
ii  libwrap0                      7.6-9      Wietse Venema's TCP wrappers libra
ii  zlib1g                        1:1.1.3-19 compression library - runtime

-- 
 - mdz

