Minor OpenSSH/pam vuln (non-exploitable)

[<das () decisionsoft com>]

The home page of the one time password system (or otpw -- http://www.cl.cam.ac.uk/~mgk25/otpw.html) has info about how 
OpenSSH doesn't correctly return PAM_CONV_ERR when a user cancels a login (but instead incorrectly calls pam_end() 
having the side effect that memory is not correctly scrubbed (or who knows what for other PAM modules). This info comes 
directly from the aforementioned website.

This has been reported via the appropriate bugzilla (http://bugzilla.mindrot.org/show_bug.cgi?id=632) but not yet 
fixed. 

If there are any hardware security tokens (for example) which might fail to go back to a locked state due to this bug 
then it might introduce an exploitable vulnerability in that situation. Otherwise, it just fails to provide all the 
security assurances it should (with respect to scrubbing the ram).

If anyone who knows more about pam and OpenSSH has any further analysis to add, it would be much appreciated.