[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenBSD rootkit?
On Sun, Jul 14, 2002, Theo de Raadt wrote:
> It was not vulnerable to a remote root hole LIKE IT SAYS ON THE DAMN WEB
On which one?
says, that OpenSSH was vulnerable to CRC32 integer overflow.
http://www.openssh.com/security.html says it too:
"A buffer overflow in the CRC32 compensation attack detector can lead to
remote root access. This problem has been fixed in OpenSSH 2.3.0. However,
versions prior to 2.3.0 are vulnerable."
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: email@example.com ** PGP: D48684904685DF43EA93AFA13BE170BF *