Re: Set the way-back machine to OpenSSH 1.2.1
Brian Boonstra <boonstb@cmg.FCNBD.COM> writes:
> Let's say, hypothetically, that I happen to be responsible for a machine
> running OpenSSH 1.2.1. I checked, and it's not vulnerable to the recent
> xmalloc() overflow seen on versions 3.x.
>
> Are there any known *remote* root exploits on this version?
Exploits? Perhaps. This version is affected by the CRC32 attack
detector bug published widely in early 2001, which became a popular
way to break into systems around October 2001.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: