oss-sec mailing list archives
Re: CVE Request for OpenSSH vulnerability - authentication limits bypass
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Wed, 22 Jul 2015 11:41:57 +0200
On Tue, Jul 21, 2015 at 11:16 AM, king cope <isowarez.isowarez.isowarez () googlemail com> wrote:
even more for local attacks. Technically this vulnerability affects OpenSSH. It can be found with FreeBSD installations because these use the keyboard-interactive authentication mechanism (that is the one affected) in combination with pam.
IIRC, default Gentoo OpenSSH also ships with KeyboardInteractive + Pam.
Current thread:
- CVE Request for OpenSSH vulnerability - authentication limits bypass king cope (Jul 21)
- Re: CVE Request for OpenSSH vulnerability - authentication limits bypass Jason A. Donenfeld (Jul 22)
- Re: CVE Request for OpenSSH vulnerability - authentication limits bypass mancha (Jul 22)
- Re: CVE Request for OpenSSH vulnerability - authentication limits bypass cve-assign (Jul 22)