[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] yet another panic() in OpenBSD

To: Henning Brauer <henning@openbsd.org>
Subject: Re: [Full-Disclosure] yet another panic() in OpenBSD
From: noir@uberhax0r.net
Date: Mon, 24 Nov 2003 14:55:24 -0500 (EST)

"please note that" i am here setting the public records straight because
obsd's book keeping seems to be quite wage when it comes to vulnerablities.

what has happen to the openssh remotely exploitable "crc32 deattack.c"
vulnerability in the default install ? (i can remember, exploiting it on
obsd 2.7 default) what about the in.talkd remote format string
vulnerability (2.6, 2.7 ..) ? so can we say "3 remote vulnerabilities in
blah years" or maybe more ?

it seems like mr. hemming would not want to "note that" ...

- noir

On Sat, 22 Nov 2003, Henning Brauer wrote:

> please note that patch 008 for OpenBSD 3.4 / 013 for OpenBSD 3.3 fixes that
> issue.
> This patch was out _before_ the above post.
>
> It's not really hard to look at the patch and post to fd afterwards...
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> hb@bsws.de - henning@openbsd.org
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] yet another panic() in OpenBSD
  - From: Henning Brauer <henning@openbsd.org>

Prev by Date: [Full-Disclosure] os x 10.2.x has 8 character password limit
Next by Date: [Full-Disclosure] Re: hard links on Linux create local DoS vulnerability and security problems
Previous by thread: Re: [Full-Disclosure] yet another panic() in OpenBSD
Next by thread: [Full-Disclosure] safari dos
Index(es):
- Date
- Thread