Hi, Johannes Verelst wrote: > > Summarized, this exploit only works if you have in your sshd_config: > > PAMAuthenticationViaKbdInt yes > UsePrivilegeSeparation no > > The default values for both my unstable and stable debian boxes appear > to be: > > PAMAuthenticationViaKbdInt no > UsePrivilegeSeparation yes
potato box, installed potato: PAMAuthenticationViaKbdInt yes #UsePrivilegeSeparation yes woody box, installed potato&upgraded: PAMAuthenticationViaKbdInt yes #UsePrivilegeSeparation yes woody box, installed woody: PAMAuthenticationViaKbdInt no UsePrivilegeSeparation yes But i think i am also not vulnerable because privsep is default since 3.3. Regards, Ralf Dreibrodt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
