Opened 21 years ago

Closed 21 years ago

Last modified 20 years ago

#962 closed defect (invalid)

UPDATE: openssh 3.7.1p2 for PAM fix

Reported by: charlie@… Owned by: macports-tickets@…
Priority: Normal Milestone:
Component: ports Version: 1.0
Keywords: Cc: fkr@…
Port:

Description

Attachments (1)

patch (834 bytes) - added by charlie@… 21 years ago.
patch ahoi

Download all attachments as: .zip

Change History (4)

Changed 21 years ago by charlie@…

Attachment: patch added

patch ahoi

comment:1 Changed 21 years ago by bbraun@…

I'm curious, why do you think this is necissary, or a good idea? The vulnerability lists the following requirements for this to be exploitable: 1) Must be running 3.7 or later 2) Must be built with PAM 3) Must have privsep off. 4) Must have ssh v1 enabled 5) Must have ChallengeResponseAuthentication enabled

Note that requirements 1 and 3 are not met on OS X or OpenDarwin.

comment:2 Changed 21 years ago by charlie@…

I welcome any comments :)

We were running a patched 3.6.1 until now. We build with PAM by default (as does Apple). I am not in charge of what people enable in thier sshd_config. What's wrong with keeping things current? It's certainly good advertising for dports, IMO.

comment:3 Changed 21 years ago by charlie@…

Resolution: invalid
Status: newclosed

This does not work.

Note: See TracTickets for help on using tickets.