44 matches found
Fedora 9 : pam_ssh-1.92-10.fc9 (2009-3627)
Thu Mar 26 2009 Dmitry Butskoy - 1.92-10 - Always use standard 'Password:' prompt for the first password's inquire in a PAM chain 492153 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora 10 : pam_ssh-1.92-10.fc10 (2009-3500)
Bug 492153 - CVE-2009-1273 pamssh: Password prompt varies for existent and non-existent users Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
CVE-2009-1273
pamssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
CVE-2009-1273
pamssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
CVE-2009-1273
pamssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
Code injection
pamssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
CVE-2009-1273
pamssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
CVE-2009-1273
The CVE-2009-1273 issue affects pam_ssh 1.92 (and possibly other versions) when PAM is built with USE=ssh. The underlying problem is that authentication error messages differ for valid versus invalid usernames, enabling remote users to enumerate usernames. Public references (Fedora advisories FED...
CVE-2009-1273
pamssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
pam_ssh用户名枚举漏洞
BUGTRAQ ID: 34333 CNCAN ID:CNCAN-2009040207 pamssh是一款结合SSH密钥和SSH客户端使用的PAM模块,允许使用SSH密钥为UNIX提供登录服务。 pamssh在处理基于SSH KEY的用户验证时存在问题,远程攻击者可以利用漏洞获得敏感用户信息。 当PAM使用USE=ssh编译时,攻击者连接pam+ssh启用的服务器时,如果用户不存在SSH客户端会显示"Password:",而如果是存在用户,则显示"SSH passphrase:",攻击者借此可获得敏感用户信息。 RedHat Fedora 9 RedHat Fedora 10...
Fedora Update for pam_ssh FEDORA-2007-1793
Check for the Version of pamssh OpenVAS Vulnerability Test Fedora Update for pamssh FEDORA-2007-1793 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for pam_ssh FEDORA-2007-1793
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 7 : pam_ssh-1.92-2.fc7 (2007-1793)
Thu Aug 23 2007 Patrice Dumas 1.92-2 - update to 1.92 - Fix 253959, CVE-2007-0844 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
openSUSE 10 Security Update : pam_ssh (pam_ssh-3024)
If you are using pamssh for authentication, 'cron' would crash when trying to execute jobs. This update fixes this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update pamssh-3024. The tex...
pam_ssh空密码短语绕过认证限制漏洞
pamssh是结合SSH密钥和SSH客户端使用的PAM模块,允许使用SSH密钥为UNIX提供登录服务。 pamssh的实现上存在漏洞,远程攻击者可能利用此漏洞获取非授权访问。 如果禁用了allowblankpassphrase选项的话,pamssh的pamssh.c文件中的authviakey函数会无法正确地限制同空密码短语使用私钥。在提示输入密码短语时用户可以输入随机的非空短语绕过认证限制而使用空密码短语私钥。 pamssh 1.91 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Authentication flaw
The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...
CVE-2007-0844
The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...
CVE-2007-0844
The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...
CVE-2007-0844
The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...
DEBIAN-CVE-2007-0844
The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...