Contributed by jose on from the cvs-up-&&-make-build dept.
If you haven't upgraded, now's probably when you should schedule some time to do this right away.
(Comments are closed)
OpenBSD Journal
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By RC () on
If you ask me, S/Key auth shouldn't have been enabled in OpenBSD by default. Remember all that stuff on the OpenBSD web page that says they shut off unnecessary services? Wouldn't it be nice if it were true?
By lt () on
By skull () on
By RC () on
By Miod Vallat () miod@openbsd.org on mailto:miod@openbsd.org
By Not Really Anonymous () on
I would rather use the provided patch instead of hoping that the S/Key auth is never enabled again for some mystical magical reason.
By Anonymous Coward () on
Guess that means Theo's doing something right :).
By skull () on
If anything we should thank "GOBBLES" for keeping the OPENBSD /development team/ and /community/ on their collective toes.
"If GOBBLES didn't exist, it would be necessary to invent him."
-Skull
By Lars Hansson () on
By methodic () methodic@bigunz.angrypacket.com on http://sec.angrypacket.com
427 ssh.diff
wc -l of OpenSSH 3.4 (*.c and *.h):
47592 total
What it comes down to is the OpenSSH team gave us a great, very useful piece of software, and the GOBBLES team gave us an exploit that people won't even remember 6 months from now. I am all for full-disclosure, and a working exploit is going beyond the call of duty, but GOBBLES' ego shouldn't be as big as it is. It doesn't take skill to break software, it takes skill to write something useful.
By Peter Hessler () spambox@theapt.org on http://www.theapt.org
Patching is easy. Follow the -STABLE branch of your tree, do a make build, and you will be protected from the ssh exploit, apache vuln, and the DNS resolver vuln. I have a pretty shell script that will automate the process for people who run into problems (NOT expected).