Gentoo's Bugzilla – Attachment 194306 Details for Bug 263579
<sys-auth/pam_ssh-1.97: Information disclosure if pam compiled with USE=ssh (usernames can be verified) (CVE-2009-1273)
[patch] A proposed patch to the brute-force username enumeration vulnerability.
pam_ssh-1.97.patch (text/plain), 1.47 KB, created by Mansour Moufid on 2009-06-11 22:33:18 UTC
>diff -Nurp pam_ssh-1.97/pam_get_pass.c pam_ssh-1.97.new/pam_get_pass.c >--- pam_ssh-1.97/pam_get_pass.c 2009-04-11 15:31:31.000000000 -0400 >+++ pam_ssh-1.97.new/pam_get_pass.c 2009-06-11 18:14:15.000000000 -0400 >@@ -87,7 +87,7 @@ pam_get_pass(pam_handle_t *pamh, const c > * Always use standard prompt for the first time. > */ > if (item == NULL) >- prompt = "Password: "; >+ prompt = NEED_PASSPHRASE; > if (pam_test_option(options, PAM_OPT_TRY_FIRST_PASS, NULL) || > pam_test_option(options, PAM_OPT_USE_FIRST_PASS, NULL)) { > if (retval != PAM_SUCCESS) >diff -Nurp pam_ssh-1.97/pam_get_pass.h pam_ssh-1.97.new/pam_get_pass.h >--- pam_ssh-1.97/pam_get_pass.h 2002-09-19 20:00:55.000000000 -0400 >+++ pam_ssh-1.97.new/pam_get_pass.h 2009-06-11 18:13:29.000000000 -0400 >@@ -29,3 +29,5 @@ > __BEGIN_DECLS > int pam_get_pass(pam_handle_t *, const char **, const char *, struct options *); > __END_DECLS >+ >+#define NEED_PASSPHRASE "Passphrase: " >diff -Nurp pam_ssh-1.97/pam_ssh.c pam_ssh-1.97.new/pam_ssh.c >--- pam_ssh-1.97/pam_ssh.c 2008-05-12 14:57:12.000000000 -0400 >+++ pam_ssh-1.97.new/pam_ssh.c 2009-06-11 18:15:23.000000000 -0400 >@@ -105,7 +105,9 @@ > #endif > > #define MODULE_NAME PACKAGE_NAME >-#define NEED_PASSPHRASE "SSH passphrase: " >+#if !defined(NEED_PASSPHRASE) >+#define NEED_PASSPHRASE "Passphrase: " >+#endif > #define DEF_KEYFILES "id_dsa,id_rsa,identity" > #define ENV_PID_SUFFIX "_AGENT_PID" > #define ENV_SOCKET_SUFFIX "_AUTH_SOCK"
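Review bot: In the pam_get_pass.c hunk, the comment directly above the changed line still reads "Always use standard prompt for the first time", but the default is no longer "Password: ". Update the comment to say that the default prompt is deliberately the same string pam_ssh.c uses, so that the two code paths cannot be told apart by their prompt text. The hunk also adds no #include, so please confirm that pam_get_pass.c already includes pam_get_pass.h; otherwise NEED_PASSPHRASE is undefined in this file.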
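Review bot: In the pam_get_pass.h hunk, the new NEED_PASSPHRASE define is added after __END_DECLS with no comment. Since the whole fix depends on this one string being shown on every path, add a short comment next to the define that gives that reason and references the bug, so that a later cosmetic change to the prompt does not reopen the username check. The macro name is also fairly generic for a header; a module-specific prefix would lower the chance of a clash.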
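Review bot: In the pam_ssh.c hunk, the #if !defined(NEED_PASSPHRASE) fallback keeps a second copy of the "Passphrase: " literal. If pam_ssh.c includes pam_get_pass.h the fallback is dead code, and if it does not, the two strings are maintained independently and can drift apart, which would make the prompts distinguishable again. Prefer removing the fallback and relying on the header definition alone, or replace the fallback define with an #error so a missing include fails at build time. The visible prompt also changes from "SSH passphrase: " to "Passphrase: ", which deserves a line in the changelog and documentation.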