Re: Set the way-back machine to OpenSSH 1.2.1

To: Brian Boonstra <boonstb@cmg.FCNBD.COM>
Cc: debian-security@lists.debian.org
Subject: Re: Set the way-back machine to OpenSSH 1.2.1
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Wed, 03 Jul 2002 19:45:12 +0200
Message-id: <[🔎] 87hejgvh7b.fsf@CERT.Uni-Stuttgart.DE>
In-reply-to: <[🔎] 200207031713.MAA00784@wo1203.cmg.FCNBD.COM> (Brian Boonstra's message of "Wed, 3 Jul 2002 12:13:02 -0500")
References: <E029A8E4-8806-11D6-BA36-00039355CFA6@suespammers.org> <[🔎] 200207031713.MAA00784@wo1203.cmg.FCNBD.COM>

Brian Boonstra <boonstb@cmg.FCNBD.COM> writes:

> Let's say, hypothetically, that I happen to be responsible for a machine  
> running OpenSSH 1.2.1.  I checked, and it's not vulnerable to the recent  
> xmalloc() overflow seen on versions 3.x.
>
> Are there any known *remote* root exploits on this version?

Exploits?  Perhaps.  This version is affected by the CRC32 attack
detector bug published widely in early 2001, which became a popular
way to break into systems around October 2001.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Set the way-back machine to OpenSSH 1.2.1
  - From: Brian Boonstra <boonstb@cmg.FCNBD.COM>

Prev by Date: Set the way-back machine to OpenSSH 1.2.1
Next by Date: Re: ***DEB*: Set the way-back machine to OpenSSH 1.2.1
Previous by thread: Set the way-back machine to OpenSSH 1.2.1
Next by thread: Re: ***DEB*: Set the way-back machine to OpenSSH 1.2.1
Index(es):
- Date
- Thread