Full Disclosure mailing list archives
Re: SSH Exploit Request
From: Adam <adam () huntrecruiting com>
Date: Thu, 13 Nov 2003 14:51:18 -0500
This is not a flame!! I'm just wondering if announcing to a list full of people, both good and bad, who are able to exploit an old bug that "I have an un-patched system" is good security practice?

I got rooted after simply replying to an ass-hole asking "if anyone thought they were being spied on by the US Gov" off the list. It was an old MDK8.1 box I was trying to keep around just a minute or two longer and didn't have time to patch properly. (My Bad)

My 2 cents
Adam

On Thursday 13 November 2003 01:03 pm, Jeremiah Cornelius wrote:
> On Thu November 13 2003 08:07, Valdis.Kletnieks () vt edu wrote:
>> On Thu, 13 Nov 2003 02:18:57 PST, Jeremiah Cornelius said:
>>>>> We need to test it before we are permitted to upgrade. Please help.
>>>> Help yourself and redesign your patch management.
>>> Yeah. Everyone can do that, smartass.
>> No, he's right. The OP's environment apparently requires that there be testing before they're allowed to upgrade. That's *broken*. Plain and simple.
>
> But... He may work for an organization that
> a) makes him responsible for function, and isolated from policy influence (possibly broken).
> b) in which his manager is politically isolated (broken).
> c) is subject to a DITSCAP-style regime of testing and documentation processes - not broken!
>
> In any case - it is unhelpful and peevishly arrogant to spit out "change your process." O.K. That may be happening over time. What can I do /now/?
>
> Not pointing out the obvious - gobbles exploit code - leads to this kind of meta-thread, which has been the cause of so much grievance to some. A simple reply about the exploit and currency would have been entirely on topic for the list!
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html