VULHUB ™

A possible security issue for sshd in OpenBSD has been reported. A vulnerability related to the implementation of BSD authentication exists in sshd that may have security implications. In access configurations which use YP with netgroups, sshd will authenticate users via ACL by checking for the requested username and password. Under certain circumstances, when sshd does ACL checks for the requested username, it may instead use the password entry of a different user for authentication. This could occur in environments where YP/NIS is in use.

A possible security issue for sshd in OpenBSD has been reported. A vulnerability related to the implementation of BSD authentication exists in sshd that may have security implications. In access configurations which use YP with netgroups, sshd will authenticate users via ACL by checking for the requested username and password. Under certain circumstances, when sshd does ACL checks for the requested username, it may instead use the password entry of a different user for authentication. This could occur in environments where YP/NIS is in use.