Re: Fwd: [oss-security] *Possible* ssh vulnerability

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



yeah, looks like BS for a number of reasons but I'm going to poke
around for it anyway.

The memory dump seems in indicate a post-auth process (and possibly
sftp-server/internal-sftp), so it's surprising it could see the
password hash to begin with and it would be highly unlikely to see
anything else that is sensitive.

On Mon, 5 May 2014, mancha wrote:

> FYI
> 
> ----- Forwarded message from RbN <r.b.n@xxxxxxxxxx> -----
> 
> > Date: Mon, 05 May 2014 19:40:02 +0200
> > From: RbN <r.b.n@xxxxxxxxxx>
> > To: oss-security@xxxxxxxxxxxxxxxxxx
> > Subject: [oss-security] *Possible* ssh vulnerability
> > User-Agent: mutt (compatible Hurd 3.11/Windows 0.5)
> > 
> > Looks like a fake, but I prefer to post it here anyway:
> > http://pastebin.com/gjkivAf3
> > 
> > If anybody gets more info about it, please share ;)
> > 
> > 
> > --
> > RbN
> > Archlinux CVE monitoring team
> 
> ----- End forwarded message -----
> 
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux