Full Disclosure mailing list archives

Re: openssh remote exploit


From: KF <dotslash () snosoft com>
Date: Wed, 17 Sep 2003 22:22:43 -0400

The apache chunked issue was not exploitable either...
http://www.securityfocus.com/news/493
*gobble gobble*

-KF



Mike Griffin wrote:
To quote the FreeBSD draft advisory taken from freebsd-security:
III. Impact

A remote attacker can cause OpenSSH to crash.  The bug is not believed
to be exploitable for code execution on FreeBSD.
--- excerpt ---

So it depends on your definition of remote hole. This doesn't appear to have potential for anything other than DoS.

On 17 Sep 2003 at 6:43, Darren Reed wrote:


In some mail from Edward W. Ray, sie said:

Either you're just an ass or a Theo hater or both.

Either way, your comments are without merit.  If one looks at the record of
OpenBSD and OpenSSH it is certainly way better than the other software out
there.

Really ?  I think you'll find that there are quite a number of people,
aside from myself, who think that the "1 exploit in X years" is on one
end of it as misleading and the other end, a lie, excluding this current
openssh problem.

But that statement is as much market fodder as anything else.

As for the "way better", I'll take your comment as a completely
subjective comment as the way in which you measure software
quality may not be the same as the way I (or others) measure it.

I could go on and cite examples but I don't think that's necessary.

Some people, like you, believe openbsd/openssh is the best software
that exists today.  Others don't and I'm sure there are examples and
counter examples to prove either side.  My only advice is try not to
take criticism of it personally.

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



