A Feature Request

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Dear Sir,

I wish to highlight a security limitation for OpenSSH/PAM.

Issue is attached with openssh-server-5.3p1-122.el6.x86_64
and pam-1.1.1-24.el6.x86_64. Or Both.

*Description of Issue:*

When some unknown visitor tries to open SSH connection and does not submit
password, */var/log/secure* log file is not logging source IP.

In absence of such information (IP) it will be tough to find and block such
visitor.

In case of DDoS attack, were attacker is not giving password but just
establishing connection on SSH, administrator become helpless.

But in same kind of attack or attempt , if unknown visitor submit password
string, openssh logs IP in /var/log/secure log file under name called rhost.

Kindly confirm and possible register this as a feature request.

thanks
Devang



---------- Forwarded message ----------
From: CVE Request <CVE-Request@xxxxxxxxx>
Date: Fri, May 19, 2017 at 6:00 PM
Subject: CVE Request 336279 for CVE ID Request
To: "devang@xxxxxxxxxx" <devang@xxxxxxxxxx>


Thank you for your submission. It will be reviewed by a CVE Assignment Team
member.





Changes, additions, or updates to your request can be sent to the CVE Team
by replying directly to this email.



Please do not change the subject line, which allows us to effectively track
your request.



CVE Assignment Team

M/S M300, 202 Burlington Road, Bedford, MA 01730 USA

[A PGP key is available for encrypted communications at

http://cve.mitre.org/cve/request_id.html]







{CMI: MCID920225}







-- 
Devang Modi
DBA, SCJP, RHCSA, RHCE
(91-79-40077845, 91-9377012569)



-- 
Devang Modi
DBA, SCJP, RHCSA, RHCE
(91-79-40077845, 91-9377012569)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux