OpenSSH Vulnerability Discovered

← Back to Stories (view on slashdot.org)

OpenSSH Vulnerability Discovered

Posted by ryuzaki0 on Saturday April 1, 2006 @03:38AM from the well-thats-not-good dept.

farker haiku writes "Those of you who haven't heard of the metasploit project, it's an open source product for performing security audits. This time they've managed to find a remote buffer overflow in OpenSSH. Ya'll might want to read the link and then do whatever updating is necessary." It's unfortunate that something like this gets released today since nobody will bother to patch.

24 of 116 comments (clear)

Min score:

Reason:

Sort:

Beer sploit confirmed! by Ckwop · 2006-04-01 03:39 · Score: 4, Funny

My stomach had a couple of buffer overflows last-night. It was sploited by Arthur Guinness, well known for his ingenious bowel movement exploits.

It may take a life time to fix this vulnerability :(

Simon
1. Re:Beer sploit confirmed! by MustardMan · 2006-04-01 03:43 · Score: 4, Funny
  
  Using beer as exploit!? Brilliant!
I don't care! Exploit me! by Opportunist · 2006-04-01 03:41 · Score: 2, Funny

C'mon, I dare you to send 1025 beers my way!

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Kilobeer by jrmcferren · 2006-04-01 03:43 · Score: 2, Funny

I guess that this will only allow the sending of one kilobeer.

--
sudo mod me up
#include by Radical250 · 2006-04-01 03:44 · Score: 2, Funny

This exploit has been found to be connected to a flaw in the Beer.h library. Work to resolve this issue will be resumed shortly after those responsible are sober again.
Insert Typical Slashbot April Fools Complaint by Eagle5596 · 2006-04-01 03:44 · Score: 4, Funny

Random complaining about April Fools. Mentioning that somehow my pathetic Slashbot life is above April Fools. Pretending that this somehow really inconviences me. Random ranting about the quality of Slashdot having degenerated. Not noting that I still seem to be here despite the supposed quality drop. More ranting, possibly about the current article. Protesting the personal problems this story has caused me. Indicating through my lack of a sense of humor that I must be from Finland. More random complaints, followed by a lack of the irony that I am so pathetic to take this joke personally.

----
-Signiture as unamusing as the current slashdot story.
1. Re:Insert Typical Slashbot April Fools Complaint by Eagle5596 · 2006-04-01 03:47 · Score: 4, Funny
  
  Insignificant self righteous followup to include the comments I forgot about. Not mentioning that if I hadn't been a douche and used the preview button, this wouldn't be a followup. Idiotic closing insult.
2. Re:Insert Typical Slashbot April Fools Complaint by Uber+Banker · 2006-04-01 03:57 · Score: 4, Funny
  
  Comment to complain about grammer and spelling promlem's that the very reply also exhibits.
3. Re:Insert Typical Slashbot April Fools Complaint by pohl · 2006-04-01 04:20 · Score: 2, Funny
  
  snarky, bad meta-level joke
  
  --
  The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...
4. Re:Insert Typical Slashbot April Fools Complaint by Bozzio · 2006-04-01 04:25 · Score: 2, Funny
  
  Reply complaining about obvious grammar and spelling mistakes while completely missing the joke.
  
  --
  I just pooped your party.
5. Re:Insert Typical Slashbot April Fools Complaint by Ctrl-Z · 2006-04-01 04:50 · Score: 2, Funny
  
  Off-topic reply piggy-backing on high-karma thread to have comments appear near the top of the page.
  
  --
  www.timcoleman.com is a total waste of your time. Never go there.
6. Re:Insert Typical Slashbot April Fools Complaint by caffeination · 2006-04-01 05:12 · Score: 2, Funny
  
  Clichéd Informative karma whore reply explaining that Funny mods yield no karma unto the poster.
7. Re:Insert Typical Slashbot April Fools Complaint by Uber+Banker · 2006-04-01 05:24 · Score: 2, Funny
  
  Complaint about the misuse of irony in the original comment, even thought there was a good chance it was used correctly. Something about karma whoring. Also request other users do not post AC.
Somebody used this to hack the slashdot.jp page by Anonymous Coward · 2006-04-01 03:46 · Score: 2, Funny

Using the recently discovered openssh hole, hackers^Wvandales defaced the slashdot.jp page, and changed the new pink color scheme back to the old ugly green theme. Management of slashdot was not available for comment.

--
me spell? me not even now eigo.
Enough already! by TangoCharlie · 2006-04-01 03:46 · Score: 3, Funny

Look, it's not funny anymore. No more April Fools jokes! OK!

The really unfunny thing is that this is _so_ obviously an April
Fools joke, that's it's not even remotely funny. At least the "UK
Government shutting down GSM" was a plausible story, but this...

Sheesh!

--
return 0; }
LINUX DEVELOPERS!!!! LOOK WHAT YOU HAVE DONE!!! by Anonymous Coward · 2006-04-01 03:47 · Score: 1, Funny

LINUX DEVELOPERS!! Look what you've done with your software now!!! You've put out the Sun!!!!
APRIL FOOLS!! by cdn2k1 · 2006-04-01 03:49 · Score: 4, Funny

OMG lol you almost got me there for a second, i was rushing to patch my box but then i fi-#$!#@$%#@^&%

NO CARRIER
Annoying reactionary flame by caffeination · 2006-04-01 04:01 · Score: 4, Funny

Obligatory claim to be sick of this type of rant. Nitpicking of missing characteristics tied cleverly into a logical ambush that others visit anyway. Faux disgust at perceived "racist" joke". Redundant yet Insightful reminder that you aren't forced to come here. Lone two-word expletive and/or insult and/or personality criticism whose position and abruptness will surely send parent into depression.
1. Re:Annoying reactionary flame by __aaxwdb6741 · 2006-04-01 04:26 · Score: 2, Funny
  
  Expected complimentary asslicking of grandparents post and irrelevant criticism of your opinions, avoiding the points given.
2. Re:Annoying reactionary flame by Bluesman · 2006-04-01 04:29 · Score: 4, Funny
  
  Thinly veiled insult. Latin words from Freshman Debate 101!!
  
  Self-congratulatory explanation of logical fallacies of above argument. Arrogant insinuation that I am smarter than you. More big words, many in italicized non-English, attempting to display my advanced education.
  
  --
  If moderation could change anything, it would be illegal.
3. Re:Annoying reactionary flame by Eagle5596 · 2006-04-01 04:33 · Score: 3, Funny
  
  Insightful insinuation that you are all just trying to ride my Karma train. Invitation to have sexual intercourse with yourself. Outrageous complaints and self righteous bullshit.
4. Re:Annoying reactionary flame by smittyoneeach · 2006-04-01 06:36 · Score: 3, Funny
  
  Right-wing reactionary onslaught, with paranoid delusional innuendo about black helicopters piloted by men with onions for heads, denounciation Europe in general, and anyone posting to /. therefrom in particular. Extra heaping of abuse for France, delivered with a bit of Grey Poupon thereon, about how the only real flame left in Europe centers on automobiles.
  
  Schizophrenic adoration and condemnation of Bush over stem cell policies[1] and their impact on cancer cures.
  
  Personal vow to give up /., email, the internet, and everything and become Amish.
  
  [1] Meaningless footnote to supply veneer of academic rigor.
  
  --
  Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Workaround by sash · 2006-04-01 04:27 · Score: 4, Funny

No reason to worry - just use iptables:
iptables -I INPUT 1 -mlength --length 0:1024 --protocol beer -j DONTPAY
Re:Sites that don't do 4/1? by Bemopolis · 2006-04-01 04:43 · Score: 2, Funny

Your complaints were addressed here.

Bemopolis

--
"I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain