mention SSH-1 Daemon CRC32 Compensation Attack Detector problem.

okay deraadt@

Author: provos

openssh/security.html

@@ -68,14 +68,21 @@ <h2><font color=#e00000>Security</font><hr></h2>
     connection rate, making the attack infeasible.  Additionally, the
     Bleichenbacher oracle has been closed completely since January 29,
     2001.
+<p>
+<li>OpenSSH 2.3.0 and newer are not vulnerable to the
+    "Feb 8, 2001: SSH-1 Daemon CRC32 Compensation Attack Detector Vulnerability",
+    <a href="http://razor.bindview.com/publish/advisories/adv_ssh1crc.html">RAZOR Bindview Advisory CAN-2001-0144</a>.  
+    A buffer overflow in the CRC32 compensation attack detector can
+    lead to remote root access.  This problem has been fixed in
+    OpenSSH 2.3.0.  However, versions prior to 2.3.0 are vulnerable.
 
 </dl>
 
 <hr>
 <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenSSH></a>
 <a href=mailto:[email protected]>[email protected]</a>
 <br>
-<small>$OpenBSD: security.html,v 1.8 2001/02/07 22:42:26 provos Exp $</small>
+<small>$OpenBSD: security.html,v 1.9 2001/02/08 23:45:41 provos Exp $</small>
 
 </body>
 </html>