Yes, it's somewhat of a new bug that spawned from the media service advisory on user enumeration via a timing issue if OpenSSH is compiled with PAM support.
It's not a remote root per se, but mainly an enumeration weakness. By applying the 'nodelay' option for pam_unix.so, this 'feature' is remedied.

On Tuesday 06 May 2003 09:47, Diederik de Vries wrote:
> Hi there!
>
> Today I was surfing on SecurityFocus, and saw that there was a hole in
> OpenSSH (http://www.securityfocus.com/bid/7482/info/). Debian Potato
> uses OpenSSH 3.1 p1, which seems to be exploitable.
>
> Is this true, am I missing something or what?
>
> Thanks!
>
>
> Diederik de Vries
> Netnation Europe
>
> Heemraadsingel 188
> 3021 DM Rotterdam
> T: +31-10-4776515
> F: +31-10-2440250

--
------------------------------
Orlando Padilla
http://www.g0thead.com/xbud.asc
"I only drink to make other people interesting"
------------------------------
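An added example, not part of the original message: a small Python check that lists `auth` rules calling pam_unix.so without the 'nodelay' option mentioned in the reply. It assumes the per-service `/etc/pam.d` file format (type, control, module, arguments); the function name and the sample text are constructed for illustration.

```python
def find_unix_auth_without_nodelay(pam_text):
    """Return [(line_no, rule)] for auth rules using pam_unix.so without 'nodelay'."""
    # Join backslash-continued lines, remembering where each rule starts.
    logical, buf, start = [], "", None
    for no, raw in enumerate(pam_text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        logical.append((start, buf + raw))
        buf, start = "", None
    if buf:
        logical.append((start, buf))

    findings = []
    for no, line in logical:
        rule = line.split("#", 1)[0].strip()   # drop comments
        if not rule:
            continue
        tokens = rule.split()
        # A leading '-' on the type only silences missing-module logging.
        if tokens[0].lstrip("-").lower() != "auth":
            continue
        # The control field is one word or a bracketed list containing spaces.
        idx = 1
        if len(tokens) > 1 and tokens[1].startswith("["):
            while idx < len(tokens) and not tokens[idx].endswith("]"):
                idx += 1
        idx += 1                                # first token after control
        if idx >= len(tokens):
            continue
        module = tokens[idx].rsplit("/", 1)[-1]  # accept absolute module paths
        if module == "pam_unix.so" and "nodelay" not in tokens[idx + 1:]:
            findings.append((no, rule))
    return findings

# Constructed sample, not taken from any real host.
SAMPLE = """\
# constructed sample in /etc/pam.d format
auth       required   pam_env.so
auth       required   pam_unix.so nullok
auth [success=1 default=ignore] /lib/security/pam_unix.so nullok nodelay
account    required   pam_unix.so
auth sufficient pam_unix.so \\
     try_first_pass
"""

if __name__ == "__main__":
    for line_no, rule in find_unix_auth_without_nodelay(SAMPLE):
        print(f"line {line_no}: missing nodelay: {rule}")
```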