Bugtraq mailing list archives
Re: OpenSSH/PAM timing attack allows remote users identification
From: Michael Shigorin <mike () osdn org ua>
Date: Fri, 2 May 2003 16:15:59 +0300
On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:
NOTE. FreeBSD uses both a different PAM implementation and a different PAM support in OpenSSH: it doesn't seem to be vulnerable to this particular timing leak issue.
Are you talking of CURRENT branch? 4.x use linux-PAM as well. -- ---- WBR, Michael Shigorin <mike () altlinux ru> ------ Linux.Kiev http://www.linux.kiev.ua/
Attachment:
_bin
Description:
Current thread:
- Re: OpenSSH/PAM timing attack allows remote users identification Ethan Benson (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 05)
- <Possible follow-ups>
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification ilja van sprundel (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Thilo Schulz (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Michael Shigorin (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Karl-Heinz Haag (May 02)