On Fri, Sep 11, 2015 at 3:32 AM, Scott Neugroschl <scott_n@xxxxxxxxx> wrote: > Got a question. Am I vulnerable to CVE-2015-6563 and CVE-2015-6564 if I > have PAM support disabled (--without-pam) > No. The code in question is not compiled in when sshd is built --without-pam. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev