On 8/11/2015 5:53 AM, Damien Miller wrote: > * sshd(8): Portable OpenSSH only: Fixed a privilege separation > weakness related to PAM support. Attackers who could successfully > compromise the pre-authentication process for remote code > execution and who had valid credentials on the host could > impersonate other users. Reported by Moritz Jodeit. > > * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug > related to PAM support that was reachable by attackers who could > compromise the pre-authentication process for remote code > execution. Also reported by Moritz Jodeit. Which versions did these first exist in? -- Regards, Bryan Drewery
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev