diff -cr ssh-3.0.0/CHANGES ssh-3.0.1/CHANGES
*** ssh-3.0.0/CHANGES Thu Jun 7 21:25:58 2001
--- ssh-3.0.1/CHANGES Fri Jul 20 08:54:28 2001
***************
*** 1,3 ****
--- 1,13 ----
+ 2001-07-19 Graeme Ahokas <
[email protected]>
+
+ * ssh-3.0.1.
+
+ 2001-07-19 Graeme Ahokas <
[email protected]>
+
+ * Fixed security problem which allowed users access with
+ any password to an account whose encrypted password in
+ /etc/shadow is two characters long.
+
2001-05-28 Sami J. Lehtinen <
[email protected]>
* ssh-3.0.0.
diff -cr ssh-3.0.0/NEWS ssh-3.0.1/NEWS
*** ssh-3.0.0/NEWS Thu Jun 7 21:25:58 2001
--- ssh-3.0.1/NEWS Thu Jul 19 23:21:07 2001
***************
*** 1,4 ****
! CHANGES IN SSH-3.0.0 INCOMPATIBLE WITH 2.4.0 AND OLDER VERSIONS
***************************************************************
configure
--- 1,4 ----
! CHANGES IN SSH-3.0.1 INCOMPATIBLE WITH 2.4.0 AND OLDER VERSIONS
***************************************************************
configure
diff -cr ssh-3.0.0/README ssh-3.0.1/README
*** ssh-3.0.0/README Thu Jun 7 21:25:58 2001
--- ssh-3.0.1/README Thu Jul 19 23:20:55 2001
***************
*** 1,10 ****
! SSH 3.0.0 README
================
Timo J. Rinne <
[email protected]>
Sami Lehtinen <
[email protected]>
Anne Carasik <
[email protected]>
! April 4, 2001.
See the file LICENSE for licensing terms.
--- 1,10 ----
! SSH 3.0.1 README
================
Timo J. Rinne <
[email protected]>
Sami Lehtinen <
[email protected]>
Anne Carasik <
[email protected]>
! July 19, 2001.
See the file LICENSE for licensing terms.
***************
*** 454,460 ****
Note that you need to redirect also stderr (2) to stdout (1).
We need those warnings and errors to appear in the log too.
! g) Version number of the Secure Shell release (e.g. 3.0.0) that
you're using.
See the template in the file BUG.REPORT .
--- 454,460 ----
Note that you need to redirect also stderr (2) to stdout (1).
We need those warnings and errors to appear in the log too.
! g) Version number of the Secure Shell release (e.g. 3.0.1) that
you're using.
See the template in the file BUG.REPORT .
diff -cr ssh-3.0.0/apps/ssh/ssh2version.h ssh-3.0.1/apps/ssh/ssh2version.h
*** ssh-3.0.0/apps/ssh/ssh2version.h Thu Jun 7 21:26:04 2001
--- ssh-3.0.1/apps/ssh/ssh2version.h Thu Jul 19 23:19:26 2001
***************
*** 1 ****
! #define SSH2_VERSION "3.0.0"
--- 1 ----
! #define SSH2_VERSION "3.0.1"
diff -cr ssh-3.0.0/lib/sshsession/sshunixuser.c ssh-3.0.1/lib/sshsession/sshunixuser.c
*** ssh-3.0.0/lib/sshsession/sshunixuser.c Thu Jun 7 21:26:03 2001
--- ssh-3.0.1/lib/sshsession/sshunixuser.c Fri Jul 20 00:01:49 2001
***************
*** 948,953 ****
--- 948,956 ----
}
#endif /* _AIX41 */
+ if (strlen(correct_passwd) < 13)
+ return FALSE;
+
/* Authentication is accepted if the encrypted passwords are identical. */
return strncmp(encrypted_password, correct_passwd,
strlen(correct_passwd)) == 0;
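Review bot: The comparison after the new length check is still a prefix match bounded by `strlen(correct_passwd)`, so a stored field of 13 or more characters that is shorter than the computed hash would still be accepted on a matching prefix; the check closes the two-character case described in CHANGES but leaves the pattern in place. Unless the prefix match is deliberate for some platform (in which case it should be documented), `return strcmp(encrypted_password, correct_passwd) == 0;` requires the whole string to match. The literal 13 also deserves a comment, for example `/* traditional crypt() output is 13 characters; a shorter field cannot be a valid hash */`. Whether `encrypted_password` can be NULL at this point cannot be told from here, because the function begins outside the hunk.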