Not sure if Jon has a specific exploit in mind, but here's a quick list:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pam
I don't think that it was really an SSH-related exploit that happened here, but I note that the use of the SSH1 protocol is not pretty much "officially" frowned upon.
P.S. hehe, don't rush on those tapes, Jerry.
