Date: Thu, 27 Jun 2002 09:54:58 +1000
From: "Chris Knight" <chris@aims.com.au>
To: <rwatson@FreeBSD.ORG>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: RE: Wow
Message-ID: <012e01c21d6c$e16ce9c0$020aa8c0@aims.private>
In-Reply-To: <Pine.NEB.3.96L.1020626161426.16603A-100000@fledge.watson.org>

Howdy,

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Robert Watson
> Sent: Thursday, 27 June 2002 6:20
> To: Jamie Norwood
> Cc: freebsd-security@FreeBSD.ORG
> Subject: Re: Wow
>
> [snip]
>
> If people want to do something useful, looking for nits in our
> integration of the new OpenSSH code in -CURRENT would be useful, as
> we're in the process of merging to -STABLE and catching the nits
> sooner rather than later would really be preferred. In particular,
> looking for any issues with PAM would be useful, and with non-default
> authentication types (hardware authentication tokens, kerberos, etc).
>

Isn't the merge a little bit hasty? According to the advisory, the least
intrusive change to -STABLE would be to uncomment the
ChallengeResponseAuthentication in /usr/src/crypto/openssh/sshd_config.
The PAM issues appear to only be in 2.9.9+.
Also, my understanding of the advisory is that the exploit hasn't been
fixed - it's just that Privilege Separation will limit the exploit to a
chrooted environment with minimal permissions.
Please correct me if I'm wrong.

> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org Network Associates Laboratories

Regards,
Chris Knight
Systems Administrator
AIMS Independent Computer Professionals
Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795
Web: http://www.aims.com.au

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
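
The message above turns on whether the ChallengeResponseAuthentication line in sshd_config is commented out and whether privilege separation is enabled. The following is an added example, not part of the original thread or of FreeBSD/OpenSSH: a shell function that reports the state of a keyword in an sshd_config-style file. The function name `sshd_keyword_state` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Report how a keyword is set in an sshd_config-style file. Prints one of:
#   active <value>     first uncommented occurrence (sshd keeps the first value it reads)
#   commented <value>  only a commented-out line exists, so the built-in default applies
#   absent             the keyword does not appear at all
sshd_keyword_state() {
    # $1 = keyword (matched case-insensitively), $2 = path to the config file
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            commented = 0
            if (line ~ /^#/) { commented = 1; sub(/^#+[ \t]*/, "", line) }
            n = split(line, f, /[ \t=]+/)
            if (n < 2 || tolower(f[1]) != want) next
            if (!commented) { print "active " f[2]; found = 1; exit }
            if (c == "") c = f[2]      # remember the first commented-out value
        }
        END {
            if (found) exit
            if (c != "") print "commented " c
            else print "absent"
        }
    ' "$2"
}

# Constructed sample configuration (not taken from any real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample for the example
Port 22
#ChallengeResponseAuthentication yes
UsePrivilegeSeparation yes
PasswordAuthentication yes
passwordauthentication no
EOF

for kw in ChallengeResponseAuthentication UsePrivilegeSeparation \
          PasswordAuthentication KerberosAuthentication; do
    printf '%-34s %s\n' "$kw" "$(sshd_keyword_state "$kw" "$SAMPLE")"
done
```

A `commented` result means the file itself does not decide the setting; the effective value is whatever default the installed sshd was built with.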