1 |
On Tue, 2004-08-03 at 06:36, Bryan O'Shea wrote: |
2 |
> > I haven't fully analyzed all the ssh toolkits people have provided me, |
3 |
> > but so far I've yet to see anything other than ptrace and do_brk |
4 |
> > vulnerabilities, and normal SSH login attempts. However, one individual |
5 |
> > on full disclosure reported an oversized packet (?) captured with |
6 |
> > tcpdump, which he argued is evidence of some as-yet unknown OpenSSH |
7 |
> > vulnerability. |
8 |
> > |
9 |
> |
10 |
> I haven't done and detailed capturing at this point. |
11 |
> > This is a vanilla 2004.1 install on x86, correct? |
12 |
> |
13 |
> Yes smp x86 box. |
14 |
|
15 |
Bryan, what is the value of UsePAM in your sshd config file? |
16 |
|
17 |
Cheers |
18 |
|
19 |
Andrew |
20 |
|
21 |
|
22 |
-- |
23 |
gentoo-security@g.o mailing list |