oss-sec mailing list archives
Re: FreeBSD 4.x OpenSSH/libopie remote root hole
From: Solar Designer <solar () openwall com>
Date: Tue, 5 Jul 2011 09:49:19 +0400
On Mon, Jul 04, 2011 at 09:24:45PM -0700, Colin Percival wrote:
I haven't had time to investigate, in part because I don't have any systems running that ancient openssh any more. I'm interested to hear if anyone has tracked down exactly where the bug was, though.
Thanks for your reply. Since I also have other uses for my time, would anyone else investigate, please? I'd appreciate it. Perhaps install FreeBSD 4.x into a VM. Sounds like fun for someone who has time. I don't think the bug is in OpenSSH per se, nor in FreeBSD 4's PAM (my understanding is that it was cut-down Linux-PAM at the time, which was replaced with OpenPAM in 5.x), nor in pam_opie. libopie sounds more plausible. But I could be wrong. Alexander
Current thread:
- FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 04)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Colin Percival (Jul 04)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 04)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Sebastian Krahmer (Jul 05)
- <Possible follow-ups>
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Markus Friedl (Jul 06)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Colin Percival (Jul 04)