search for: chall

From: Marco Trevisan (Trevi?o) <mail at 3v1n0.net> We were only checking if the prefix of a device name was matching what we had in the devices list, so if the device list contained "pam", then also the device "pam-foo" was matching. --- auth2-chall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth2-chall.c b/auth2-chall.c index 021df8291..52d38e2ef 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -170,7 +170,7 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) "keyboard-interactive&quo...

https://bugzilla.mindrot.org/show_bug.cgi?id=2410 Bug ID: 2410 Summary: auth-chall.c - "<stdarg.h>" #included twice Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: u...

...penssh_cvs/Makefile.in --- ../cvs/other/openssh_cvs/Makefile.in Mon Oct 22 02:53:59 2001 +++ openssh_cvs/Makefile.in Sun Nov 4 01:18:19 2001 @@ -50,7 +50,7 @@ SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o +SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall....

....h Sat Mar 17 02:15:38 2001 +++ openssh-2.5.2p2/acconfig.h Sun Jun 3 18:36:47 2001 @@ -184,6 +184,9 @@ /* Define if you want AFS support */ #undef AFS +/* Define if you want OPIE support */ +#undef OPIE + /* Define if you want S/Key support */ #undef SKEY diff -wur org/openssh-2.5.2p2/auth-chall.c openssh-2.5.2p2/auth-chall.c --- org/openssh-2.5.2p2/auth-chall.c Mon Mar 5 07:59:27 2001 +++ openssh-2.5.2p2/auth-chall.c Sun Jun 3 18:34:43 2001 @@ -67,7 +67,7 @@ debug("verify_response: <%s> = <%d>", response, authok); return authok != 0; } -#else +#else /* BSD_AUT...

...co Trevisan (Trevi?o) <mail at 3v1n0.net> kbdint result vfunc may return various values, so use an enum to make it clearer what each result means without having to dig into the struct documentation. --- auth-bsdauth.c | 2 +- auth-pam.c | 10 +++++----- auth.h | 5 +++++ auth2-chall.c | 4 ++-- 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/auth-bsdauth.c b/auth-bsdauth.c index d124e994e..ca41735de 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -111,7 +111,7 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses) authctxt->as = NULL;...

....3 enables UsePrivilegeSeparation by default. Although OpenSSH 2.9 and earlier are not affected upgrading to OpenSSH 3.4 is recommended, because OpenSSH 3.4 adds checks for a class of potential bugs. 2. Impact: This bug can be exploited remotely if ChallengeResponseAuthentication is enabled in sshd_config. Affected are at least systems supporting s/key over SSH protocol version 2 (OpenBSD, FreeBSD and NetBSD as well as other systems supporting s/key with SSH). Exploitablitly of systems using PAM in combination has not been verified. 3. Shor...

...d 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3 contain a bug in the ChallengeResponseAuthentication code. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables UsePrivilegeSeparation by default. Although some earlier ve...

...d 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3 contain a bug in the ChallengeResponseAuthentication code. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables UsePrivilegeSeparation by default. Although some earlier ve...

I configure as follows: ./configure --with-zlib=/usr/local/include cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o m...

....3 enables UsePrivilegeSeparation by default. Although OpenSSH 2.9 and earlier are not affected upgrading to OpenSSH 3.4 is recommended, because OpenSSH 3.4 adds checks for a class of potential bugs. 2. Impact: This bug can be exploited remotely if ChallengeResponseAuthentication is enabled in sshd_config. Affected are at least systems supporting s/key over SSH protocol version 2 (OpenBSD, FreeBSD and NetBSD as well as other systems supporting s/key with SSH). Exploitablitly of systems using PAM in combination has not been verified. 3. Shor...

hello, little problem compiling openssh 4.6p1 on irix using mipspro 7.4.x. c99 -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5cryp...

...1p2-tis/Makefile.in --- openssh-2.5.1p2/Makefile.in Sun Feb 18 20:13:33 2001 +++ openssh-2.5.1p2-tis/Makefile.in Fri Mar 9 10:11:30 2001 @@ -48,7 +48,7 @@ SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o dh.o sshpty.o log-server.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o +SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-c...

...enum to define the PAM done status auth-pam: Add debugging information when we receive PAM messages auth-pam: Immediately report interactive instructions to clients auth-bsdauth.c | 2 +- auth-pam.c | 51 ++++++++++++++++++++++++++++++-------------------- auth.h | 5 +++++ auth2-chall.c | 4 ++-- 4 files changed, 39 insertions(+), 23 deletions(-) -- 2.34.1

...ed the OpenBSD 3.4 patch to the 3.9 sources on both my i386 and sparc64 OpenBSD 3.4 boxes, and get the same error: cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o -L/usr/src/usr.bin/ssh/sshd/../lib/obj -lssh -lgssapi...

...ed ./configure --prefix=/opt/ssh --with-prngd-socket =/var/run/egd-pool --with-ssl-dir=/opt/ssh --with-zlib=/opt/zlib cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o...

...d 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3 contain a bug in the ChallengeResponseAuthentication code. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables UsePrivilegeSeparation by default. Although some earlier ve...

...d 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3 contain a bug in the ChallengeResponseAuthentication code. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables UsePrivilegeSeparation by default. Although some earlier ve...

...-L/usr/local/ssl/lib -L/usr/local/lib -lssh -lopenbsd-compat -lresolv -liaf -lcrypto -lsocket -lnsl -lgen -lz -lcrypt cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5cryp...

...er downloading 3.7 to my OpenBSD source tree... bash-2.05b# make [...] ===> lib ===> ssh ===> sshd cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o -L/var/src/usr.bin/ssh/sshd/../lib/o...

...PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:15.openssh Security Advisory The FreeBSD Project Topic: OpenSSH PAM challenge/authentication error Category: core Module: openssh Announced: 2003-10-05 Credits: The OpenSSH Project <openssh@openssh.org> Affects: FreeBSD releases 4.6.2-RELEASE and later FreeBSD 4-STABLE prior to the correction date op...