F-Secure Not Affected

Updated:  December 11, 2001

Status

Not Affected

Vendor Statement

The F-Secure SSH versions 2.x - 3.x calls pam_open_session regardless whether pty is requested or not. The F-Secure SSH versions 1.x don't implement PAM authentication.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenSSH Affected

Updated:  December 07, 2001

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SSH Communications Security Not Affected

Notified:  December 07, 2001 Updated: December 12, 2001

Status

Not Affected

Vendor Statement

I can confirm that we are not vulnerable this due to different PAM implementation style.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.