similar to: Revised OpenSSH Security Advisory (adv.iss)

This is the 2nd revision of the Advisory. 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3

1. Versions affected: All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables

1. Versions affected: All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables

This is the 4th revision of the Advisory. This document can be found at: http://www.openssh.com/txt/preauth.adv 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the

This is the 4th revision of the Advisory. This document can be found at: http://www.openssh.com/txt/preauth.adv 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the

The following patch (relative to -current) makes PAM a proper kbd-interactive citizen. There are a few limitations (grep for todo), but the code seems to work OK for protocols 1 & 2 with and without privsep. Please have a play! auth2-pam.c is based on code from FreeBSD. Index: auth2-chall.c =================================================================== RCS file:

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

When using PAM to do password authenticaion the attempt/failure counter appears to be getting confused. This is using a rh62 system with the openssh-2.9p2-1 rpms... On the client side... [matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config RhostsAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication no PubkeyAuthentication yes

If the info_response code is going to test that the # of responses is < 100, then the info_request code should check that < 100 prompts are sent. It would be rude to send 101 prompts and then fail when the responses come back. I actually think the test should be removed altogether, the limit seems quite arbitrary, but here is a patch to not send > 100 prompts. With this patch, the test

http://bugzilla.mindrot.org/show_bug.cgi?id=524 Summary: Keyboard-interactive PAM back end hides information Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

this patch will allow PAM authentication when using sun's pam_krb5 before pam_unix in the PAM stack. without this patch a pam.conf entry like: sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 sshd auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass would fail with the error "input_userauth_info_response_pam: no authentication context". NOTE: when

http://bugzilla.mindrot.org/show_bug.cgi?id=128 Summary: PAM with ssh authentication and pam_krb5 doesn't work properly Product: Portable OpenSSH Version: 3.0.2p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

I'm trying to understand the code around PAM support in auth2.c and auth2-chall.c. I'm working with the OpenSSH 3.7.1p2 sources on FreeBSD 4.x. The scenario I'm trying to make work is SSH login to a captive accout for users in a RADIUS database but whose login does not appear in /etc/passwd or getpwnam(). I understand that if the username is not found in getpwnam(), then the

Hello, I looked through the latest stable version of openssh (3.0.2p1) and found a number of items that concerned me. I'm not terribly familiar with the coding, so patches are probably better left to someone else. Anyways, here a list of issues that I think someone should look at. Cheers, Steve Grubb -------- File Line Description Channels.c 1195 If nc == NULL, this line segfaults. Test

I redid my previous OPIE patch for the current ssh tree. It seems to work fine here, and I'ld love to see it merged before the 3.0 release. Wichert. diff -x CVS -wNur ../cvs/other/openssh_cvs/Makefile.in openssh_cvs/Makefile.in --- ../cvs/other/openssh_cvs/Makefile.in Mon Oct 22 02:53:59 2001 +++ openssh_cvs/Makefile.in Sun Nov 4 01:18:19 2001 @@ -50,7 +50,7 @@ SSHOBJS= ssh.o

Hi, We have updated our TIS authserv support patch for OpenSSH 2.5.1p2. You'll find it attached to my message. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 -------------- next part -------------- diff -urN openssh-2.5.1p2/Makefile.in openssh-2.5.1p2-tis/Makefile.in --- openssh-2.5.1p2/Makefile.in Sun Feb 18 20:13:33 2001 +++

Hi, Initially when we do ssh from Cisco IOS Router to my linux machine, we use to see only one password prompt , even though we configured number of password prompts in Linux machine to 3. So, to overcome this issue , someone changed the values in sshd_config file in openssh-3.5pl. Before Fix #ChallengeResponseAuthentication yes #PAMAuthenticationViaKbdInt no After Fix

Hi there, when enabling the option PAMAuthenticationViaKbdInt, a login with password is always possible, even though when you disabled it with PasswordAuthentication no and PermitRootLogin without-password! Is this intended? Why is there no documentation about this (or at least a waring in the default configuration file)? The problem is, it is enabled in the default installation of Debian

Hello! Please consider including the attached patch in the next release. It allows one to drop privilege separation code while building openssh by using '--disable-privsep' switch of configure script. If one doesn't use privilege separation at all, why don't simply allow him to drop privilege separation support completely? -- Sincerely Your, Dan. -------------- next part