oss-security - Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 3 Jan 2012 23:39:03 +0100
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)

Hi,
* Solar Designer <solar@...nwall.com> [2012-01-03 02:58]:
> On Tue, Jan 03, 2012 at 12:33:01AM +0100, Nico Golde wrote:
> > P.S. if anyone has a clue on why that script still works with dropbear, even 
> > though it already seems to implement per-ip based connection counting...
> 
> Does it still work?  I was not able to reproduce that.  I built Dropbear
> 2011.54, generated an RSA host key with "./dropbearkey -t rsa -f
> dropbear_rsa_host_key" and started the service with "./dropbear -r
> dropbear_rsa_host_key -p 2222". 

Ignore my P.S., I tested this again and the patch works as expected.
Sorry for the confusion...

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Content of type "application/pgp-signature" skipped

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.