[30017] in bugtraq
Re: OpenSSH/PAM timing attack allows remote users identification
daemon@ATHENA.MIT.EDU (Michael Shigorin)
Fri May 2 16:43:02 2003
Date: Fri, 2 May 2003 16:15:59 +0300
From: Michael Shigorin <mike@osdn.org.ua>
To: Marco Ivaldi <raptor@mediaservice.net>
Message-ID: <20030502131559.GY11315@osdn.org.ua>
Mail-Followup-To: Marco Ivaldi <raptor@mediaservice.net>,
bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="GD+uNaHYxbVPHaQt"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.30L2.0304301358220.9889-200000@dns.mediaservice.net>
--GD+uNaHYxbVPHaQt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:
> NOTE. FreeBSD uses both a different PAM implementation and a
> different PAM support in OpenSSH: it doesn't seem to be
> vulnerable to this particular timing leak issue.
Are you talking of CURRENT branch? 4.x use linux-PAM as well.
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
--GD+uNaHYxbVPHaQt
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+sm+PbsPDprYMm3IRAs8HAJ4noGRkheWX2bEz4vERmWmtYn+DmQCfQcFZ
3wZ4AfHnpcM8Q52WD/g0cvE=
=4tp9
-----END PGP SIGNATURE-----
--GD+uNaHYxbVPHaQt--
