oss-sec mailing list archives

Re: CVE Request for OpenSSH vulnerability - authentication limits bypass

From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Wed, 22 Jul 2015 11:41:57 +0200

On Tue, Jul 21, 2015 at 11:16 AM, king cope
<isowarez.isowarez.isowarez () googlemail com> wrote:

even more for local attacks. Technically this vulnerability affects
OpenSSH. It can be found with FreeBSD installations because these use
the keyboard-interactive authentication
mechanism (that is the one affected) in combination with pam.



IIRC, default Gentoo OpenSSH also ships with KeyboardInteractive + Pam.

Current thread:

CVE Request for OpenSSH vulnerability - authentication limits bypass king cope (Jul 21)
- Re: CVE Request for OpenSSH vulnerability - authentication limits bypass Jason A. Donenfeld (Jul 22)
- Re: CVE Request for OpenSSH vulnerability - authentication limits bypass mancha (Jul 22)
- Re: CVE Request for OpenSSH vulnerability - authentication limits bypass cve-assign (Jul 22)
  - Re: Re: CVE Request for OpenSSH vulnerability - authentication limits bypass mancha (Jul 23)
    - Re: CVE Request for OpenSSH vulnerability - authentication limits bypass cve-assign (Jul 23)
    - Re: Re: CVE Request for OpenSSH vulnerability - authentication limits bypass mancha (Jul 23)