| 1 |
On Tue, 2004-08-03 at 06:36, Bryan O'Shea wrote: |
| 2 |
> > I haven't fully analyzed all the ssh toolkits people have provided me, |
| 3 |
> > but so far I've yet to see anything other than ptrace and do_brk |
| 4 |
> > vulnerabilities, and normal SSH login attempts. However, one individual |
| 5 |
> > on full disclosure reported an oversized packet (?) captured with |
| 6 |
> > tcpdump, which he argued is evidence of some as-yet unknown OpenSSH |
| 7 |
> > vulnerability. |
| 8 |
> > |
| 9 |
> |
| 10 |
> I haven't done and detailed capturing at this point. |
| 11 |
> > This is a vanilla 2004.1 install on x86, correct? |
| 12 |
> |
| 13 |
> Yes smp x86 box. |
| 14 |
|
| 15 |
Bryan, what is the value of UsePAM in your sshd config file? |
| 16 |
|
| 17 |
Cheers |
| 18 |
|
| 19 |
Andrew |
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
gentoo-security@g.o mailing list |
Archives