On Fri, 21 Aug 2015, Bryan Drewery wrote: > On 8/11/2015 5:53 AM, Damien Miller wrote: > > * sshd(8): Portable OpenSSH only: Fixed a privilege separation > > weakness related to PAM support. Attackers who could successfully > > compromise the pre-authentication process for remote code > > execution and who had valid credentials on the host could > > impersonate other users. Reported by Moritz Jodeit. > > > > * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug > > related to PAM support that was reachable by attackers who could > > compromise the pre-authentication process for remote code > > execution. Also reported by Moritz Jodeit. > > Which versions did these first exist in? They've been there for a long time, over 12 years _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
