lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: noir at uberhax0r.net (noir@...rhax0r.net)
Subject: yet another panic() in OpenBSD

"please note that" i am here setting the public records straight because
obsd's book keeping seems to be quite wage when it comes to vulnerablities.

what has happen to the openssh remotely exploitable "crc32 deattack.c"
vulnerability in the default install ? (i can remember, exploiting it on
obsd 2.7 default) what about the in.talkd remote format string
vulnerability (2.6, 2.7 ..) ? so can we say "3 remote vulnerabilities in
blah years" or maybe more ?

it seems like mr. hemming would not want to "note that" ...

- noir



On Sat, 22 Nov 2003, Henning Brauer wrote:

> please note that patch 008 for OpenBSD 3.4 / 013 for OpenBSD 3.3 fixes that
> issue.
> This patch was out _before_ the above post.
>
> It's not really hard to look at the patch and post to fd afterwards...
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> hb@...s.de - henning@...nbsd.org
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


Powered by blists - more mailing lists