Displaying 20 results from an estimated 4000 matches similar to: "Revised OpenSSH Security Advisory"
2002 Jul 01
0
Revised OpenSSH Security Advisory
This is the 4th revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/preauth.adv
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
2002 Jun 26
1
Revised OpenSSH Security Advisory (adv.iss)
This is the 2nd revision of the Advisory.
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
PAMAuthenticationViaKbdInt code.
All versions between 2.9.9 and 3.3
2002 Jun 26
0
Revised OpenSSH Security Advisory (adv.iss)
This is the 2nd revision of the Advisory.
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
PAMAuthenticationViaKbdInt code.
All versions between 2.9.9 and 3.3
2002 Jun 26
2
OpenSSH Security Advisory (adv.iss)
1. Versions affected:
All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.
OpenSSH 3.4 and later are not affected.
OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables
2002 Jun 26
0
OpenSSH Security Advisory (adv.iss)
1. Versions affected:
All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.
OpenSSH 3.4 and later are not affected.
OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper
kbd-interactive citizen. There are a few limitations (grep for todo), but
the code seems to work OK for protocols 1 & 2 with and without privsep.
Please have a play!
auth2-pam.c is based on code from FreeBSD.
Index: auth2-chall.c
===================================================================
RCS file:
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2001 Jun 26
1
OpenSSH 2.9p2 with PAMAuthenticationViaKbdInt
When using PAM to do password authenticaion the attempt/failure counter
appears to be getting confused. This is using a rh62 system with the
openssh-2.9p2-1 rpms...
On the client side...
[matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
2002 Jun 27
1
[PATCH] kbdintctxt->nreq test
If the info_response code is going to test that the # of responses is < 100,
then the info_request code should check that < 100 prompts are sent. It
would be rude to send 101 prompts and then fail when the responses come
back.
I actually think the test should be removed altogether, the limit seems
quite arbitrary, but here is a patch to not send > 100 prompts. With
this patch, the test
2003 Mar 27
0
[Bug 524] Keyboard-interactive PAM back end hides information
http://bugzilla.mindrot.org/show_bug.cgi?id=524
Summary: Keyboard-interactive PAM back end hides information
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2003 Oct 05
0
FreeBSD Security Advisory FreeBSD-SA-03:15.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:15.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH PAM challenge/authentication error
Category: core
Module: openssh
Announced:
2003 Oct 05
0
FreeBSD Security Advisory FreeBSD-SA-03:15.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:15.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH PAM challenge/authentication error
Category: core
Module: openssh
Announced:
2001 Nov 04
2
OPIE patch for current CVS
I redid my previous OPIE patch for the current ssh tree. It seems
to work fine here, and I'ld love to see it merged before the 3.0
release.
Wichert.
diff -x CVS -wNur ../cvs/other/openssh_cvs/Makefile.in openssh_cvs/Makefile.in
--- ../cvs/other/openssh_cvs/Makefile.in Mon Oct 22 02:53:59 2001
+++ openssh_cvs/Makefile.in Sun Nov 4 01:18:19 2001
@@ -50,7 +50,7 @@
SSHOBJS= ssh.o
2004 Jan 25
1
Puzzled about PAM support in OpenSSH-3.7.1p2
I'm trying to understand the code around PAM support in auth2.c and
auth2-chall.c. I'm working with the OpenSSH 3.7.1p2 sources on
FreeBSD 4.x. The scenario I'm trying to make work is SSH login to a
captive accout for users in a RADIUS database but whose login does not
appear in /etc/passwd or getpwnam().
I understand that if the username is not found in getpwnam(), then the
2001 Mar 13
0
[PATCH] openssh 2.5.1p2 TIS authserv support
Hi,
We have updated our TIS authserv support patch for OpenSSH 2.5.1p2. You'll
find it attached to my message.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
-------------- next part --------------
diff -urN openssh-2.5.1p2/Makefile.in openssh-2.5.1p2-tis/Makefile.in
--- openssh-2.5.1p2/Makefile.in Sun Feb 18 20:13:33 2001
+++
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple
authentication mechanisms in openssh. So I wrote an implemention.
I thought at first I should change the PasswordAuthentication,
PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some
funky stuff in auth2.c with respect to keyboard interactive auth that would make
this kind of
2002 Feb 02
1
openssh-3.0.2p1 BUGs
Hello,
I looked through the latest stable version of openssh
(3.0.2p1) and found a number of items that concerned
me. I'm not terribly familiar with the coding, so
patches are probably better left to someone else.
Anyways, here a list of issues that I think someone
should look at.
Cheers,
Steve Grubb
--------
File Line Description
Channels.c 1195 If nc == NULL, this line segfaults.
Test
2003 Feb 20
0
OpenSSH_3.5p1 server, PC clients cannot connect
I have setup an OpenSSH_3.5p1 ssh/sftp server on my
SunOS 4.1.4 box. I can ssh to it just fine. The problem
is SFTP from certain clients.
I can SFTP to it using my OpenSSH_3.5p1 sftp client. I
can SFTP to it from MacSFTP from MacSSH.org, version 1.0.5.
However, I have several clients that cannot connect. I have
had them try CuteFTP Pro v2, v3, WS_FTP Pro v7.62, PuTTy
pSFTP. None are able to
2003 Dec 02
1
Sun Kerberos Password Expiration Problems with OpenSSH 3.7.1p2
I am running Solaris 8 with the Basic Security Module (BSM) loaded and
Sun's Enterprise Authentication Mechanism (SEAM) installed. Our servers
are using Sun One Directory Services (LDAP) for authorization and Sun's
Kerberos 5 implementation for authentication. We have been using OpenSSH
3.4p1 with OpenSSL 0.9.6f and everything has been working fine.
We are updating our OpenSSH and OpenSSL