yeah, looks like BS for a number of reasons but I'm going to poke
around for it anyway.

The memory dump seems to indicate a post-auth process (and possibly
sftp-server/internal-sftp), so it's surprising it could see the
password hash to begin with and it would be highly unlikely to see
anything else that is sensitive.

On Mon, 5 May 2014, mancha wrote:
> FYI
>
> ----- Forwarded message from RbN <r.b.n at riseup.net> -----
>
> > Date: Mon, 05 May 2014 19:40:02 +0200
> > From: RbN <r.b.n at riseup.net>
> > To: oss-security at lists.openwall.com
> > Subject: [oss-security] *Possible* ssh vulnerability
> > User-Agent: mutt (compatible Hurd 3.11/Windows 0.5)
> >
> > Looks like a fake, but I prefer to post it here anyway:
> > http://pastebin.com/gjkivAf3
> >
> > If anybody gets more info about it, please share ;)
> >
> >
> > --
> > RbN
> > Archlinux CVE monitoring team
>
> ----- End forwarded message -----
>