The OpenSSH Bug That Wasn't
badger.foo writes: Get your facts straight before reporting, is the main takeaway from Peter Hansteen's latest piece, The OpenSSH Bug That Wasn't. OpenSSH servers that are set up to use PAM for authentication and with a very specific (non-default on OpenBSD and most other places) setup are in fact vulnerable, and fixing the configuration is trivial.
... but still, if PAM is configured with OpenSSH, a PAM bug may sometimes be mis-identified to be an OpenSSH bug.
No matter if it's a PAM bug or an OpenSSH bug, a bug report which points out a vulnerability is a good thing for the community - something that will allow the users to tighten up their configuration to deny that bug from being able to function in the first place.
Does not parse.
tl;dr Huh?
Luckily I just ordered a new pack of needles for my irony meter.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."