Bugtraq mailing list archives

Re: OpenSSH/PAM timing attack allows remote users identification

From: Michael Shigorin <mike () osdn org ua>
Date: Fri, 2 May 2003 16:15:59 +0300

On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:

NOTE. FreeBSD uses both a different PAM implementation and a
different PAM support in OpenSSH: it doesn't seem to be
vulnerable to this particular timing leak issue.


Are you talking of CURRENT branch?  4.x use linux-PAM as well.

-- 
 ---- WBR, Michael Shigorin <mike () altlinux ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

Attachment: _bin
Description:

Current thread:

Re: OpenSSH/PAM timing attack allows remote users identification Ethan Benson (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 05)
- <Possible follow-ups>
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification ilja van sprundel (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Thilo Schulz (May 02)
  - Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Michael Shigorin (May 02)
  - Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Karl-Heinz Haag (May 02)