BugTraq
OpenSSH/PAM timing attack allows remote users identification Apr 30 2003 02:34PM
Marco Ivaldi (raptor mediaservice net) (4 replies)
Re: OpenSSH/PAM timing attack allows remote users identification May 02 2003 01:15PM
Michael Shigorin (mike osdn org ua) (1 replies)
On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:
> NOTE. FreeBSD uses both a different PAM implementation and a
> different PAM support in OpenSSH: it doesn't seem to be
> vulnerable to this particular timing leak issue.

Are you talking of CURRENT branch? 4.x use linux-PAM as well.

--
---- WBR, Michael Shigorin <mike (at) altlinux (dot) ru [email concealed]>
------ Linux.Kiev http://www.linux.kiev.ua/

[ reply ]
Re: OpenSSH/PAM timing attack allows remote users identification May 02 2003 01:48PM
Marco Ivaldi (raptor mediaservice net)
Re: OpenSSH/PAM timing attack allows remote users identification May 02 2003 12:56AM
Karl-Heinz Haag (k haag linux-ag com)
Re: OpenSSH/PAM timing attack allows remote users identification May 01 2003 03:20PM
Thilo Schulz (arny ats s bawue de) (1 replies)
Re: OpenSSH/PAM timing attack allows remote users identification May 02 2003 11:20AM
Marco Ivaldi (raptor mediaservice net)
Re: OpenSSH/PAM timing attack allows remote users identification May 01 2003 09:12AM
Ethan Benson (erbenson alaska net) (2 replies)
Re: OpenSSH/PAM timing attack allows remote users identification May 05 2003 12:55PM
Marco Ivaldi (raptor mediaservice net)
Re: OpenSSH/PAM timing attack allows remote users identification May 01 2003 06:15PM
Nicolas Couture (nc stormvault net)


 

Privacy Statement
Copyright 2010, SecurityFocus