oss-sec mailing list archives

Re: CVE request -- bibtex, pam_ssh

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 8 Apr 2009 14:00:38 -0400 (EDT)


======================================================
Name: CVE-2009-1273
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1273
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=263579
Reference: SECUNIA:34536
Reference: URL:http://secunia.com/advisories/34536

pam_ssh 1.92 and possibly other versions, as used when PAM is compiled
with USE=ssh, generates different error messages depending on whether
the username is valid or invalid, which makes it easier for remote
attackers to enumerate usernames.

Current thread:

CVE request -- bibtex, pam_ssh Jan Lieskovsky (Apr 01)
- Re: CVE request -- bibtex, pam_ssh Steven M. Christey (Apr 08)