Key vulnerability information

1. Vulnerability title

Title: OpenSSH/PAM timing attack allows remote users identification

2. Vulnerability details

Application: OpenSSH-portable <= 3.6.1p1
Platform: Linux, maybe others
Description: A remote attacker can identify valid users on vulnerable systems. All PAM-enabled systems are potentially affected.

3. Severity

The vulnerability is easy to exploit and may have high severity if combined with poor password policies and other security problems that allow local privilege escalation.

4. Affected platforms

All vendors supporting Linux-PAM are potentially affected.

- Debian GNU/Linux
- Red Hat Linux
- Mandrake Linux
- SuSE Linux
- Caldera/SCO Linux
- Apple OS-X
- MSC.Linux

5. Fix

There is currently no complete fix for this. Solar Designer has written an OpenSSH-portable patch for Openwall GNU/*/Linux that makes OpenSSH always run PAM with password authentication, even for non-existent or not allowed usernames, thus fixing the bigger problem.

6. Related links

http://lab.mediaservice.net/advisory/2003-01-openssh.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190
http://lab.mediaservice.net/code/ssh_brute.c
http://lab.mediaservice.net/code/openssh-3.6.1p1_brute.diff
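The idea behind the fix in section 5 (always run the password check, even for non-existent or not allowed usernames), shown as an added Python example; it is not Solar Designer's patch and not OpenSSH or PAM code. The `Authenticator` class, its user table, the PBKDF2 work factor and the `hash_calls` counter are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed work factor, stands in for the PAM password check


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Authenticator:
    """Hypothetical password backend; not OpenSSH or PAM code."""

    def __init__(self, users, denied=()):
        self._db = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._db[name] = (salt, _hash(password, salt))
        self._denied = set(denied)
        # Throwaway record checked for unknown or disallowed names.
        self._dummy = (os.urandom(16), os.urandom(32))
        self.hash_calls = 0  # counts expensive verifications, used to compare paths

    def _verify(self, password, salt, expected):
        self.hash_calls += 1
        return hmac.compare_digest(_hash(password, salt), expected)

    def login_early_exit(self, user, password):
        # Behaviour the advisory describes: invalid names skip the password
        # check, so they are answered faster than valid ones.
        if user not in self._db or user in self._denied:
            return False
        return self._verify(password, *self._db[user])

    def login_uniform(self, user, password):
        # Mitigation: every attempt performs one password check; the result
        # is discarded when the name is unknown or not allowed.
        allowed = user in self._db and user not in self._denied
        salt, expected = self._db[user] if allowed else self._dummy
        matched = self._verify(password, salt, expected)
        return matched and allowed


def checks_performed(auth, login, user, password="wrong-guess"):
    """Return how many password checks one login attempt triggered."""
    before = auth.hash_calls
    login(user, password)
    return auth.hash_calls - before
```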