Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 4501

Summary: OpenSSH/PAM overflow
Product: Gentoo Linux Reporter: Seemant Kulleen (RETIRED) <seemant>
Component: Current packagesAssignee: Brandon Low (RETIRED) <lostlogic>
Status: RESOLVED FIXED    
Severity: blocker    
Priority: High    
Version: 1.2   
Hardware: x86   
OS: Linux   
URL: http://www.globalintersec.com/adv/openssh-2002062801.txt
Whiteboard:
Package list:
Runtime testing required: ---

Description Seemant Kulleen (RETIRED) gentoo-dev 2002-07-03 16:10:11 UTC 
url says it all. do we need to do anything other than issue an advisory, or are
there PAM thingies which need to be done?
Comment 1 Brandon Low (RETIRED) gentoo-dev 2002-07-03 16:19:13 UTC 
URL Specifies versions prior to 3.4, which have all been removed (by me) from 
the portage tree.  It also specifies that it can gain the privledges of the 
daemon user which is the unpriveledged sshd user since 3.3 on our system.  We 
are safe.