SGI Information for VU#369347
OpenSSH vulnerabilities in challenge response handling
- Vendor Information Help Date Notified: 24 Jun 2002
- Statement Date:
- Date Updated: 27 Jun 2002
Unknown. If you are the vendor named above, please contact us to update your status.
At this time, SGI does not ship OpenSSH as a part of IRIX.
The OpenSSH privilege separation code mostly works with IRIX, but it uses a flag to mmap that isn't in IRIX (MAP_ANON) for compression so you can't have both on at the same time. IRIX doesn't ship with PAM so a lot of the PAM issues aren't issues for us.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.