LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openssh: multilple PAM vulnerabilities in Portable OpenSSH versions 3.7p1 and 3.7.1p1

Package(s):openssh CVE #(s):
Created:September 23, 2003 Updated:October 1, 2003
Description: Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). See this advisory for details.
Alerts:
Trustix 2003-0036 2003-09-27
Slackware SSA:2003-266-01 2003-09-24
OpenPKG OpenPKG-SA-2003.042 2003-09-24
Gentoo 200309-14 2003-09-23
(Log in to post comments)

Red Hat not vulnerable

Posted Sep 26, 2003 20:09 UTC (Fri) by bjn (guest, #2179) [Link]

Note that Red Hat ships older versions of OpenSSH (with recent security fixes back-ported),
so it is not vulnerable to the problem(s) with the new PAM code in 3.7x

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds