
Re: OpenBSD rootkit?



Good god you're stupid!

www.openbsd.org says

	One remote hole in the default install, in nearly 6 years!

The CRC32 problem did NOT affect OpenBSD.

It might be used to cause an sshd to do something wrong, but it
is NOT a REMOTE HOLE!

Therefore, it is NOT COUNTED.

Look, you really might want to shut up before you look even more
ignorant!

> On Sun, Jul 14, 2002, Theo de Raadt wrote:
> > It was not vulnerable to a remote root hole LIKE IT SAYS ON THE DAMN WEB
> > PAGE.
> 
> On which one? 
> 
> http://razor.bindview.com/publish/advisories/adv_ssh1crc.html clearly
> says that OpenSSH was vulnerable to CRC32 integer overflow.
> 
> http://www.openssh.com/security.html says it too:
> 
> "A buffer overflow in the CRC32 compensation attack detector can lead to
> remote root access. This problem has been fixed in OpenSSH 2.3.0. However,
> versions prior to 2.3.0 are vulnerable."
> 
> -- 
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *