| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Jul 2011 16:38:18 +1000 From: Darren Tucker <dtucker@....com.au> To: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: OpenSSH 3.5p1 Remote Root Exploit for FreeBSD This seems to be in libopie rather than sshd or libpam and happens when the username is longer than OPIE_PRINCIPAL_MAX. I'm not sure exactly where inside libopie it is, but commenting out pam_opie.so seems to prevent it. http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libpam/modules/pam_opie/pam_opie.c?annotate=1.26 prevents usernames longer than OPIE_PRINCIPAL_MAX from being accepted by pam_opie. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists