Re: OpenBSD rootkit?

Good god you're stupid!

www.openbsd.org says

	One remote hole in the default install, in nearly 6 years!

The CRC32 problem did NOT affect OpenBSD.

It might be used to cause an sshd to do something wrong, but it

Therefore, it is NOT COUNTED.

Look, you really might want to shut up before you look even more

> On Sun, Jul 14, 2002, Theo de Raadt wrote:
> > It was not vulnerable to a remote root hole LIKE IT SAYS ON THE DAMN WEB
> > PAGE.
> On which one? 
> http://razor.bindview.com/publish/advisories/adv_ssh1crc.html clearly
> says that OpenSSH was vulnerable to CRC32 integer overflow.
> http://www.openssh.com/security.html says it too:
> "A buffer overflow in the CRC32 compensation attack detector can lead to
> remote root access. This problem has been fixed in OpenSSH 2.3.0. However,
> versions prior to 2.3.0 are vulnerable."
> -- 
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *