Re: OpenBSD rootkit?
Good god you're stupid!
One remote hole in the default install, in nearly 6 years!
The CRC32 problem did NOT affect OpenBSD.
It might be used to cause an sshd to do something wrong, but it
is NOT a REMOTE HOLE!
Therefore, it is NOT COUNTED.
Look, you really might want to shut up before you look even more
> On Sun, Jul 14, 2002, Theo de Raadt wrote:
> > It was not vulnerable to a remote root hole LIKE IT SAYS ON THE DAMN WEB
> > PAGE.
> On which one?
> http://razor.bindview.com/publish/advisories/adv_ssh1crc.html clearly
> says that OpenSSH was vulnerable to CRC32 integer overflow.
> http://www.openssh.com/security.html says it too:
> "A buffer overflow in the CRC32 compensation attack detector can lead to
> remote root access. This problem has been fixed in OpenSSH 2.3.0. However,
> versions prior to 2.3.0 are vulnerable."
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: firstname.lastname@example.org ** PGP: D48684904685DF43EA93AFA13BE170BF *