yeah, looks like BS for a number of reasons but I'm going to poke around for it anyway. The memory dump seems to indicate a post-auth process (and possibly sftp-server/internal-sftp), so it's surprising it could see the password hash to begin with and it would be highly unlikely to see anything else that is sensitive.

On Mon, 5 May 2014, mancha wrote:

> FYI
>
> ----- Forwarded message from RbN <r.b.n@xxxxxxxxxx> -----
>
> > Date: Mon, 05 May 2014 19:40:02 +0200
> > From: RbN <r.b.n@xxxxxxxxxx>
> > To: oss-security@xxxxxxxxxxxxxxxxxx
> > Subject: [oss-security] *Possible* ssh vulnerability
> > User-Agent: mutt (compatible Hurd 3.11/Windows 0.5)
> >
> > Looks like a fake, but I prefer to post it here anyway:
> > http://pastebin.com/gjkivAf3
> >
> > If anybody gets more info about it, please share ;)
> >
> >
> > --
> > RbN
> > Archlinux CVE monitoring team
>
> ----- End forwarded message -----
>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev