oss-sec mailing list archives
Re: CVE request -- bibtex, pam_ssh
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 8 Apr 2009 14:00:38 -0400 (EDT)
====================================================== Name: CVE-2009-1273 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1273 Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=263579 Reference: SECUNIA:34536 Reference: URL:http://secunia.com/advisories/34536 pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
Current thread:
- CVE request -- bibtex, pam_ssh Jan Lieskovsky (Apr 01)
- Re: CVE request -- bibtex, pam_ssh Steven M. Christey (Apr 08)