Astaro.org (Read-Only)

ASG V7.000 BETA (closed) Astaro SSH Server vulnerable to CRC32 ?

Astaro SSH Server vulnerable to CRC32 ?

Markus Hennig over 23 years ago

plz do not crossposting!

Parents

0 nicob over 23 years ago

Hi ASL hackers !

I wonder if the code used in the Astaro SSH server is derivated from a server which was vulnerable to the CRC32 attack (eg. OpenSSH).

In this case, all astaro fw would be vulnerable to REMOTE ROOT exploit !

I know that the Astaro SSH server is only ssh-v.1 compatible (is v.2 planned ?) and that's a security concern, at least for me.
But a remote root would be a LOT worse !!!

Thanks,
Nicob
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 nicob over 23 years ago

Hi ASL hackers !

I wonder if the code used in the Astaro SSH server is derivated from a server which was vulnerable to the CRC32 attack (eg. OpenSSH).

In this case, all astaro fw would be vulnerable to REMOTE ROOT exploit !

I know that the Astaro SSH server is only ssh-v.1 compatible (is v.2 planned ?) and that's a security concern, at least for me.
But a remote root would be a LOT worse !!!

Thanks,
Nicob
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data