I am sure someone has some boxes out there still....
http://lists.grok.org.uk/pipermail/full-disclosure/2011-June/081722.html
A simple work around *seems* to be to disable PAM on sshd. i.e in
/etc/ssh/sshd_config
set the following from yes to no
# Change to no to disable PAM authentication
ChallengeResponseAuthentication no
I wonder if other apps that make use of PAM can trigger the bug as well ?
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [email protected]
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
