similar to: Serious Bug Report: OpenSSH

Displaying 20 results from an estimated 900 matches similar to: "Serious Bug Report: OpenSSH"

2000 Feb 09
0
[Colin Watson <cjw44@cam.ac.uk>] Bug#49902: [PATCH] Bug#49902: ssh and pam conspire to deny logins
Hi, Here's a helpful patch from one of our (Debian's) users. I'd guess that the similar if/xfree a few lines above in the #if PAM section could do with the same treatment. Cheers, Phil. --[[message/rfc822]] Date: Sat, 29 Jan 2000 11:11:32 +0000 From: Colin Watson <cjw44 at cam.ac.uk> To: 49902 at bugs.debian.org [Bug was that when sshing one's password is denied,
2000 Mar 06
0
openssh-1.2.2 bug/patch
sshd can free a buffer twice in some circumstances; here's a patch. (causes sshd to crash under linux; a similar fix is probably needed for the pam code, btw) --- sshd.c~ Tue Jan 25 16:07:22 2000 +++ sshd.c Sun Mar 5 22:14:40 2000 @@ -1525,7 +1525,10 @@ } if (client_user != NULL) + { xfree(client_user); + client_user = NULL; + } if (attempt > AUTH_FAIL_MAX)
2000 Jan 19
3
AIX openssh patches
I have a few patches for AIX. The patchfile is attached below. The patch has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25, with openssl-0.94, using RSAref. 1) authenticate support - this function allows the system to determine authentification. Whatever the system allows for login, authenticate will too. It doesn't matter whether it is AFS, DFS, SecureID, local.
2000 May 15
1
AIX authenticate patches
Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time
2000 Nov 30
1
Problem and Patch: Multiple keys in ssh.com V2 agent
Hello! I recently discoverd a problem with ssh.com's ssh-agent2 and OpenSSH: If I have more than one key in my agent, then the agent tries to authenticicate me with every one of them at the OpenSSH server; but none of them is a valid key for that server. The Problem is that the Server increments the authctxt->attempt at every of that tries. So even if you want to login with a password at
2001 Feb 04
1
minor aix patch to auth1.c
--- auth1.c.orig Sat Feb 3 18:17:53 2001 Bringa AIX modes in line with latest changes to auth1.c +++ auth1.c Sat Feb 3 18:19:15 2001 @@ -347,7 +347,7 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE - loginfailed(user,get_canonical_hostname(),"ssh"); +
2001 Jun 26
1
OpenSSH 2.9p2 with PAMAuthenticationViaKbdInt
When using PAM to do password authenticaion the attempt/failure counter appears to be getting confused. This is using a rh62 system with the openssh-2.9p2-1 rpms... On the client side... [matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config RhostsAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication no PubkeyAuthentication yes
2001 Nov 13
1
Kerberos / PAM bug in OpenSSH CVS
In do_authloop() in auth1.c(), the Kerberos 4 and 5 code both allocate, then xfree() the client_user string. The call to do_pam_account() later in the function then tries to use this string, resulting in a corrupt remote user. Finally, before exiting, the function frees client_user again, resulting in a double free and much mess. Patch attached. Cheers, Simon. -- Simon Wilkinson
2003 Feb 28
0
[PATCH] Clean up failed login logging.
Hi All. As noted in a previous post, the logging of failed user logins is somewhat spread out. This patch creates a record_failed_login() function in sshlogin.c and moves the AIX and UNICOS code to it, eliminating 3 #ifdefs from the main code. It also provides an obvious place to add the code for any other platforms that support this. I've tested this on AIX 4.3.3. Wendy Palm was kind
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's authentication library. However, BSDI's patches have several problems: 1. They don't run the approval phase, so they can allow users to login who aren't supposed to be able to. 2. They don't patch configure to automatically detect the BSDI auth system, so they're not ready to use in a general portable
2003 Apr 03
0
[PATCH re-send]: Clean up logging of failed logins.
Hi All. This is a re-send of a patch I submitted before 3.6p1. As noted in a previous post, the logging of failed user logins is somewhat spread out. This patch creates a record_failed_login() function in sshlogin.c and moves the AIX and UNICOS code to it, eliminating 3 #ifdefs from the main code. It also provides an obvious place to add the code for any other platforms that support
2003 Jan 27
1
[PATCH] Creation of record_failed_login() in sshlogin.c
Hi All, I've been poking around various parts of the auth code for a while. Some platforms support failed login counters and it occurs to me that there's as few too many instances of: #ifdef [PLATFORM] if (authenticated == 0 && strcmp(method, "password") == 0) some_login_failure_func(); #endif The attached patch creates a record_failed_login() function in
1999 Dec 01
1
Compile bugs in openssh-1.2pre15 on Solaris (2.6)
Hi, I didn't know if this was the correct spot to send openSSH bugs/problems so I thought I'd try... Anyway, I have encountered the following compile time problems for openssh-1.2pre15 / Solaris 2.6 / gcc 2.8.1 - * daemon code (bsd-daemon.[ch]) exists but is not linked in. Also, header is not included. Same might apply to bsd-login. * rsa.h needs __P() define to work
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to
2016 Feb 14
5
[Bug 2541] New: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c
https://bugzilla.mindrot.org/show_bug.cgi?id=2541 Bug ID: 2541 Summary: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5
2000 Feb 02
1
Bugreport: OpenSSH-1.2.2 Server for Linux (glibc 2.1.2)
Hi, I would like to report a bug in OpenSSH-1.2.2 (release) under Linux. Under certain conditions the sshd client process segfaults while doing the password authentification. I have observed the behaviour with glibc 2.0.7 (non-PAM), glibc 2.1.1 (PAM) and glibc 2.1.2 (PAM), when 'RhostsRSAAuthentication yes' is chosen in sshd_config. It appears to happen regardless whether PAM is used or
2002 May 09
1
Bug report: OpenSSH 3.1p1
I believe auth-rhosts.c, function check_rhosts_file(), contains a bug that shows up when doing host-based authentication where the client_user name is not the same as the server_user name. Line 76 reads: strlcpy(userbuf, server_user, sizeof(userbuf)); I believe it should read: strlcpy(userbuf, client_user, sizeof(userbuf)); Otherwise later in the function this test will fail: /* Verify that
2002 Jul 31
2
privsep+kerb5+ssh1
please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char
2001 Dec 26
3
auth*.c
Folks, During testing, we found a couple of issues with openssh3.0.2p1: 1. In userauth_finish() in auth2.c (as well as in do_authloop in auth1.c), the foll. check: if (authctxt->failures++ > AUTH_FAIL_MAX) is never satisfied and thus packet_disconnect() never gets called. I suspect the code just drops out of the dispatch_run function list instead. This should be an == instead of >.
2013 Jan 25
5
[Bug 2064] New: Enable logging of client_user at INFO priority rather than DEBUG2
https://bugzilla.mindrot.org/show_bug.cgi?id=2064 Bug ID: 2064 Summary: Enable logging of client_user at INFO priority rather than DEBUG2 Classification: Unclassified Product: Portable OpenSSH Version: 5.8p2 Hardware: All OS: All Status: NEW Severity: enhancement