Attachment 194306 Details for Bug 263579 – A proposed patch to the brute-force username enumeration vulnerability.

[patch] A proposed patch to the brute-force username enumeration vulnerability.

pam_ssh-1.97.patch (text/plain), 1.47 KB, created by Mansour Moufid on 2009-06-11 22:33:18 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Mansour Moufid

Created: 2009-06-11 22:33:18 UTC

Size: 1.47 KB

patch

obsolete

>diff -Nurp pam_ssh-1.97/pam_get_pass.c pam_ssh-1.97.new/pam_get_pass.c
>--- pam_ssh-1.97/pam_get_pass.c	2009-04-11 15:31:31.000000000 -0400
>+++ pam_ssh-1.97.new/pam_get_pass.c	2009-06-11 18:14:15.000000000 -0400
>@@ -87,7 +87,7 @@ pam_get_pass(pam_handle_t *pamh, const c
>          * Always use standard prompt for the first time.
>          */
>         if (item == NULL)
>-                prompt = "Password: ";
>+                prompt = NEED_PASSPHRASE;
> 	if (pam_test_option(options, PAM_OPT_TRY_FIRST_PASS, NULL) ||
> 	    pam_test_option(options, PAM_OPT_USE_FIRST_PASS, NULL)) {
> 		if (retval != PAM_SUCCESS)
>diff -Nurp pam_ssh-1.97/pam_get_pass.h pam_ssh-1.97.new/pam_get_pass.h
>--- pam_ssh-1.97/pam_get_pass.h	2002-09-19 20:00:55.000000000 -0400
>+++ pam_ssh-1.97.new/pam_get_pass.h	2009-06-11 18:13:29.000000000 -0400
>@@ -29,3 +29,5 @@
> __BEGIN_DECLS
> int	pam_get_pass(pam_handle_t *, const char **, const char *, struct options *);
> __END_DECLS
>+
>+#define NEED_PASSPHRASE  "Passphrase: "
>diff -Nurp pam_ssh-1.97/pam_ssh.c pam_ssh-1.97.new/pam_ssh.c
>--- pam_ssh-1.97/pam_ssh.c	2008-05-12 14:57:12.000000000 -0400
>+++ pam_ssh-1.97.new/pam_ssh.c	2009-06-11 18:15:23.000000000 -0400
>@@ -105,7 +105,9 @@
> #endif
> 
> #define	MODULE_NAME			PACKAGE_NAME
>-#define	NEED_PASSPHRASE			"SSH passphrase: "
>+#if !defined(NEED_PASSPHRASE)
>+#define	NEED_PASSPHRASE			"Passphrase: "
>+#endif
> #define DEF_KEYFILES			"id_dsa,id_rsa,identity"
> #define ENV_PID_SUFFIX			"_AGENT_PID"
> #define ENV_SOCKET_SUFFIX		"_AUTH_SOCK"

Actions: View | Diff

Attachments on bug 263579: 194306