Announce: OpenSSH 7.0 released
Damien Miller
djm at mindrot.org
Sat Aug 22 09:28:07 AEST 2015
On Fri, 21 Aug 2015, Bryan Drewery wrote:
> On 8/11/2015 5:53 AM, Damien Miller wrote:
> > * sshd(8): Portable OpenSSH only: Fixed a privilege separation
> > weakness related to PAM support. Attackers who could successfully
> > compromise the pre-authentication process for remote code
> > execution and who had valid credentials on the host could
> > impersonate other users. Reported by Moritz Jodeit.
> >
> > * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug
> > related to PAM support that was reachable by attackers who could
> > compromise the pre-authentication process for remote code
> > execution. Also reported by Moritz Jodeit.
>
> Which versions did these first exist in?
They've been there for a long time, over 12 years
More information about the openssh-unix-dev
mailing list