[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] OpenSSH again

To: "Dumitru Stama" <dics@xxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] OpenSSH again
From: pdt@xxxxxxxxxxxxxx
Date: Tue, 23 Sep 2003 17:12:38 -0500 (CDT)

FWIW: A co-worker just forwarded information on to me that a "non-default"
configuration such as oh.... PAM is exploitable by being able to login as
any user with no password.  It affects the portable tree versions 3.7p1
and 3.7.1p1.

Has anybody seen exploit code on this one?

>
> Check out the webpage : ....-P2 :(
> Another bug :((
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] OpenSSH again - not really.
  - From: Kurt Seifried

References:
- [Full-Disclosure] OpenSSH again
  - From: Dumitru Stama

Prev by Date: RE: [Full-Disclosure] [Fwd: Last Critical Update]
Next by Date: [Full-Disclosure] Privacy leak in VeriSign's SiteFinder service
Previous by thread: [Full-Disclosure] OpenSSH again
Next by thread: Re: [Full-Disclosure] OpenSSH again - not really.
Index(es):
- Date
- Thread