> vulnerable. OpenPKG installations are only affected if the package was > built with option "with_pam" set to "yes" -- which is not the default. Incorrect. You mean "--with-pam" in ./configure (not default) or "UsePam yes" (default, before 3.7.1p2) in sshd_config. Neither of these options is called "use_pam". -d