Full Disclosure mailing list archives
Re: openssh remote exploit
From: KF <dotslash () snosoft com>
Date: Wed, 17 Sep 2003 22:22:43 -0400
The apache chunked issue was not exploitable either... http://www.securityfocus.com/news/493 *gobble gobble* -KF Mike Griffin wrote:
To quote the FreeBSD draft advisory taken from freebsd-security: III. Impact A remote attacker can cause OpenSSH to crash. The bug is not believed to be exploitable for code execution on FreeBSD. --- excerpt ---So it depends on your definition of remote hole. This doesn't appear to have potential for anything other than DoS.On 17 Sep 2003 at 6:43, Darren Reed wrote:In some mail from Edward W. Ray, sie said:Either your just an ass or an Theo hater or both. Either way, your comments are without merit. If one looks at the record of OpenBSD and OpenSSH it is certainly way better than the other software out there.Really ? I think you'll find that there are quite a number of people, aside from myself, who think that the "1 exploit in X years" is on one end of it as misleading and the other end, a lie, excluding this current openssh problem. But that statement is as much market fodder as much anything else. As for the "way better", I'll take your comment as a completely subjective comment as the way in which you measure software quality may not be the same as the way I (or others) measure it. I could go on and cite examples but I don't think that's necessary. Some people, like you, believe openbsd/openssh is the best software that exists today. Others don't and I'm sure there are examples and counter examples to prove either side. My only advice is try not to take criticism of it personally. Darren _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- openssh remote exploit auto64746 (Sep 15)
- Re: openssh remote exploit Darren Reed (Sep 15)
- Re: openssh remote exploit Timo Sirainen (Sep 16)
- Re: openssh remote exploit Adam Dyga (Sep 17)
- <Possible follow-ups>
- Re: openssh remote exploit auto64746 (Sep 16)
- Re: openssh remote exploit Diode Trnasistor (Sep 16)
- Re: openssh remote exploit Darren Reed (Sep 16)
- RE: openssh remote exploit Edward W. Ray (Sep 16)
- Re: openssh remote exploit Darren Reed (Sep 16)
- Re: openssh remote exploit Mike Griffin (Sep 16)
- Re: openssh remote exploit KF (Sep 16)
- Re: openssh remote exploit Henning Brauer (Sep 16)
- Re: openssh remote exploit Peter Busser (Sep 19)
- Re: openssh remote exploit petard (Sep 16)
- Re: openssh remote exploit Darren Reed (Sep 16)
- Re: openssh remote exploit Blue Boar (Sep 16)
- Re: openssh remote exploit Richard Johnson (Sep 17)
- Re: openssh remote exploit petard (Sep 17)
- Re: openssh remote exploit Shawn McMahon (Sep 17)
- Re: openssh remote exploit Richard Johnson (Sep 17)
- AMDPatchB & InstallStub Michael Linke (Sep 17)