Package: libpam-ssh
Version: 1.91.0-9.1
Severity: important
Tags: security

The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the
allow_blank_passphrase option is disabled, allows remote attackers to
bypass authentication restrictions and use private encryption keys
requiring a blank passphrase by entering a non-blank passphrase.

Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0844
http://sourceforge.net/project/shownotes.php?release_id=484376
http://secunia.com/advisories/24061

Note:
Please mention the CVE id in the changelog.



regards,
-- 
   .''`.  
  : :' :    Alex de Oliveira Silva | enerv
  `. `'     www.enerv.net
    `- 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to