Previously Wim Fournier wrote: > I just read this over at iss, it seems that the vuln only exists for > default installations of BSD and only for S-KEY and BSD authentication.
That advisory sucks :). Keyboard-interactive authentication is vulnerable, and we use that for PAM as well by default (that makes PAM modules which use a conversation function like libpam-opie work). Wichert. -- _________________________________________________________________ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED] http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
