Full Disclosure mailing list archives
Re: yet another panic() in OpenBSD
From: noir () uberhax0r net
Date: Mon, 24 Nov 2003 14:55:24 -0500 (EST)
"please note that" i am here setting the public records straight because obsd's book keeping seems to be quite wage when it comes to vulnerablities. what has happen to the openssh remotely exploitable "crc32 deattack.c" vulnerability in the default install ? (i can remember, exploiting it on obsd 2.7 default) what about the in.talkd remote format string vulnerability (2.6, 2.7 ..) ? so can we say "3 remote vulnerabilities in blah years" or maybe more ? it seems like mr. hemming would not want to "note that" ... - noir On Sat, 22 Nov 2003, Henning Brauer wrote:
please note that patch 008 for OpenBSD 3.4 / 013 for OpenBSD 3.3 fixes that issue. This patch was out _before_ the above post. It's not really hard to look at the patch and post to fd afterwards... -- Henning Brauer, BS Web Services, http://bsws.de hb () bsws de - henning () openbsd org Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- yet another panic() in OpenBSD noir (Nov 21)
- Re: yet another panic() in OpenBSD Henning Brauer (Nov 22)
- Re: yet another panic() in OpenBSD noir (Nov 24)
- Re: yet another panic() in OpenBSD Henning Brauer (Nov 22)