On Tue, Dec 07, 2004 at 09:36:11AM -0500, John Dalbec wrote: > Does this affect -Legacy? > 04.48.30 CVE: CAN-2003-0190 > Platform: Cross Platform > Title: OpenSSH-portable PAM Authentication Remote Information > Disclosure ...... On the first glance this looks like a problem which has the following entry in a changelog from openssh-3.1p1-14: * Thu Jun 05 2003 Nalin Dahyabhai <nalin@xxxxxxxxxx> 3.1p1-7 - backport patch to close timing attacks when PAM authentication is short-circuited by other checks At this iime I am not absolutely sure about that. Michal -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
