Brian Boonstra <[EMAIL PROTECTED]> writes: > Let's say, hypothetically, that I happen to be responsible for a machine > running OpenSSH 1.2.1. I checked, and it's not vulnerable to the recent > xmalloc() overflow seen on versions 3.x. > > Are there any known *remote* root exploits on this version?
Exploits? Perhaps. This version is affected by the CRC32 attack detector bug published widely in early 2001, which became a popular way to break into systems around October 2001. -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
