[oss-security] *Possible* ssh vulnerability

Markus Friedl mfriedl at gmail.com
Mon May 12 18:39:49 EST 2014

Am 09.05.2014 um 12:08 schrieb Dag-Erling Smørgrav <des at des.no>:

> Damien Miller <djm at mindrot.org> writes:
>> The memory dump seems in indicate a post-auth process (and possibly
>> sftp-server/internal-sftp), so it's surprising it could see the
>> password hash to begin with and it would be highly unlikely to see
>> anything else that is sensitive.
> (caveat: my recollection of the privsep model is slightly hazy; is there
> a whitepaper somewhere?)



More information about the openssh-unix-dev mailing list