OpenSSH PAM Conversation Memory Scrubbing Weakness

A problem in the handling of PAM modules has been reported in OpenSSH. Because of this, OpenSSH may not correctly handle aborted conversations with PAM modules with the consequence that memory may not be scrubbed of sensitive information such as credentials. This could also expose other vulnerabilities in PAM modules due to unpredictable behavior.


Privacy Statement
Copyright 2010, SecurityFocus