lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <BANLkTinnV7BoMsqEAJ3uYzHU67FUfLM-W7xfcY0KgwkRoCdOxQ@mail.gmail.com>
Date: Fri, 1 Jul 2011 16:38:18 +1000
From: Darren Tucker <dtucker@....com.au>
To: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: OpenSSH 3.5p1 Remote Root Exploit for FreeBSD


This seems to be in libopie rather than sshd or libpam and happens
when the username is longer than OPIE_PRINCIPAL_MAX.  I'm not sure
exactly where inside libopie it is, but commenting out pam_opie.so
seems to prevent it.

http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libpam/modules/pam_opie/pam_opie.c?annotate=1.26
prevents usernames longer than OPIE_PRINCIPAL_MAX from being accepted
by pam_opie.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ