Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD

This seems to be in libopie rather than sshd or libpam and happens
when the username is longer than OPIE_PRINCIPAL_MAX. I'm not sure
exactly where inside libopie it is, but commenting out pam_opie.so
seems to prevent it.

http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libpam/modules/pam_opie/pam_opie.c?annotate=1.26
prevents usernames longer than OPIE_PRINCIPAL_MAX from being accepted
by pam_opie.

-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69     Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

• This message: [ Message body ]
• Next message: Pavel Carrillo: "Re: [Full-disclosure] [Spanish] Curso gratuito: Linux exploit development - ASCII Armor Bypass Return-To-PLT"
• Previous message: Jeffrey Walton: "Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD"
• Maybe in reply to: root: "Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD"
• Next in thread: Dag-Erling Smørgrav: "Re: [Full-disclosure] OpenSSH 3.5p1 Remote Root Exploit for FreeBSD"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]