openssh: multilple PAM vulnerabilities in Portable OpenSSH versions 3.7p1 and 3.7.1p1
| Package(s): | openssh | CVE #(s): | |||||||||||||||||
| Created: | September 23, 2003 | Updated: | October 1, 2003 | ||||||||||||||||
| Description: | Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). See this advisory for details. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Posted Sep 26, 2003 20:09 UTC (Fri)
by bjn (guest, #2179)
[Link]
Note that Red Hat ships older versions of OpenSSH (with recent security fixes back-ported), Red Hat not vulnerable
so it is not vulnerable to the problem(s) with the new PAM code in 3.7x