OpenBSD Security Advisory - OpenSSH-2.3.1, a development snapshot, only checked if a public key for public key authentication was permitted. In the protocol 2 part of the server, the challenge-response step that ensures that the connecting client is in possession of the corresponding private key has been omitted. As a result, anyone who could obtain the public key listed in the users authorized_keys file could log in as that user without authentication. This vulnerability affects only OpenSSH version 2.3.1 with support for protocol 2 enabled. The latest official release OpenSSH 2.3.0 is not affected by this problem. The latest snapshot version OpenSSH 2.3.2 is not affected either. Fix available here.
68fbfb4c37fcf6a2ccb203e9d14a67d3faefbbe5b690c673b4d718c46e3d1004OpenBSD Security Advisory - A one byte buffer overflow bug in ftpd(8) allows remote attackers to execute arbitrary code as root provided they can create a directory.
0dbdf75b4723fe8bfe9ab6d31f303c851e38ba61ac63eb3664deef47a6b5ed86OpenBSD Advisories - There is a format string vulnerability present in the pw_error() function of OpenBSD 2.7's libutil library can yield localhost users root access through the setuid /usr/bin/chpass utility. Affected versions: OpenBSD versions through 2.7. FreeBSD 4.0 is vulnerable, but patches have been backported, and FreeBSD versions 4.1 and 4.1.1 are safe.
c4dc0e1f0cf54500d97b341679ab07d2223bed756a6b56374ca34a7169f219cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed