[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070425163428.GH29186@ngolde.de>
Date: Wed, 25 Apr 2007 18:34:28 +0200
From: Nico Golde <fd@...lde.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: OpenSSH - System Account Enumeration if S/Key
is used
Hi,
* rembrandt <rembrandt@...ith.org> [2007-04-21 02:57]:
[...]
> Author: Rembrandt
> Date: Known since somewhere in 2005
> Affected Software: OpenSSH 4.6 <=
> Proppably everything which is based on OpenSSH
> Type: Remote
> Type: Enumeration of system accounts
[...]
This is bogus and old, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279
for example (5 years old.
But opie not that cool nonetheless, for example there is an
off-by-one in accessfile.c
Kind regards
Nico
--
Nico Golde - JAB: nion@...ber.ccc.de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists