Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD

From: Darren Tucker <dtucker@zip.com.au>
To: HI-TECH . <isowarez.isowarez.isowarez@googlemail.com>
Cc: full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD
Date:


This seems to be in libopie rather than sshd or libpam and happens
when the username is longer than OPIE_PRINCIPAL_MAX.  I'm not sure
exactly where inside libopie it is, but commenting out pam_opie.so
seems to prevent it.

http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libpam/modules/pam_opie/pam_opie.c?annotate=1.26
prevents usernames longer than OPIE_PRINCIPAL_MAX from being accepted
by pam_opie.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
  Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.