diff -cr ssh-3.0.0/CHANGES ssh-3.0.1/CHANGES *** ssh-3.0.0/CHANGES Thu Jun 7 21:25:58 2001 --- ssh-3.0.1/CHANGES Fri Jul 20 08:54:28 2001 *************** *** 1,3 **** --- 1,13 ---- + 2001-07-19 Graeme Ahokas + + * ssh-3.0.1. + + 2001-07-19 Graeme Ahokas + + * Fixed security problem which allowed users access with + any password to an account whose encrypted password in + /etc/shadow is two characters long. + 2001-05-28 Sami J. Lehtinen * ssh-3.0.0. diff -cr ssh-3.0.0/NEWS ssh-3.0.1/NEWS *** ssh-3.0.0/NEWS Thu Jun 7 21:25:58 2001 --- ssh-3.0.1/NEWS Thu Jul 19 23:21:07 2001 *************** *** 1,4 **** ! CHANGES IN SSH-3.0.0 INCOMPATIBLE WITH 2.4.0 AND OLDER VERSIONS *************************************************************** configure --- 1,4 ---- ! CHANGES IN SSH-3.0.1 INCOMPATIBLE WITH 2.4.0 AND OLDER VERSIONS *************************************************************** configure diff -cr ssh-3.0.0/README ssh-3.0.1/README *** ssh-3.0.0/README Thu Jun 7 21:25:58 2001 --- ssh-3.0.1/README Thu Jul 19 23:20:55 2001 *************** *** 1,10 **** ! SSH 3.0.0 README ================ Timo J. Rinne Sami Lehtinen Anne Carasik ! April 4, 2001. See the file LICENSE for licensing terms. --- 1,10 ---- ! SSH 3.0.1 README ================ Timo J. Rinne Sami Lehtinen Anne Carasik ! July 19, 2001. See the file LICENSE for licensing terms. *************** *** 454,460 **** Note that you need to redirect also stderr (2) to stdout (1). We need those warnings and errors to appear in the log too. ! g) Version number of the Secure Shell release (e.g. 3.0.0) that you're using. See the template in the file BUG.REPORT . --- 454,460 ---- Note that you need to redirect also stderr (2) to stdout (1). We need those warnings and errors to appear in the log too. ! g) Version number of the Secure Shell release (e.g. 3.0.1) that you're using. See the template in the file BUG.REPORT . diff -cr ssh-3.0.0/apps/ssh/ssh2version.h ssh-3.0.1/apps/ssh/ssh2version.h *** ssh-3.0.0/apps/ssh/ssh2version.h Thu Jun 7 21:26:04 2001 --- ssh-3.0.1/apps/ssh/ssh2version.h Thu Jul 19 23:19:26 2001 *************** *** 1 **** ! #define SSH2_VERSION "3.0.0" --- 1 ---- ! #define SSH2_VERSION "3.0.1" diff -cr ssh-3.0.0/lib/sshsession/sshunixuser.c ssh-3.0.1/lib/sshsession/sshunixuser.c *** ssh-3.0.0/lib/sshsession/sshunixuser.c Thu Jun 7 21:26:03 2001 --- ssh-3.0.1/lib/sshsession/sshunixuser.c Fri Jul 20 00:01:49 2001 *************** *** 948,953 **** --- 948,956 ---- } #endif /* _AIX41 */ + if (strlen(correct_passwd) < 13) + return FALSE; + /* Authentication is accepted if the encrypted passwords are identical. */ return strncmp(encrypted_password, correct_passwd, strlen(correct_passwd)) == 0;