Fedora 7 : pam_ssh-1.92-2.fc7 (2007-1793)

Thu Aug 23 2007 Patrice Dumas 1.92-2 - update to 1.92 - Fix 253959, CVE-2007-0844 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

CVE-2007-0844

The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...

DEBIAN-CVE-2007-0844

The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...

CVE-2007-0844

CVE-2007-0844 affects pam_ssh (pam_ssh.c) where auth_via_key allows remote attackers to bypass authentication when allow_blank_passphrase is disabled. The vulnerability lies in pam_ssh before version 1.92, enabling use of private keys that require a blank passphrase by entering a non-blank passph...