Snort mailing list archives
Re: sshd-exploit
From: Sam Evans <sam () neuroflux com>
Date: Wed, 17 Sep 2003 10:46:03 -0400 (EDT)
Of course, that's how the world works my friend. We operate and thrive in FUD.. lol Look at what the US Government said a while back about how everyone should make a safe room in the event of a biological attack, by buying loads and loads of Plastic sheeting and duct tape.. LOL! Oh well, I'll wait until I hear of an actual exploit before I put my server in plastic and duct tape.. lolol -Sam On Wed, 17 Sep 2003, Frank Knobbe wrote:
On Wed, 2003-09-17 at 08:41, Sam Evans wrote:I too have heard this, however, there's still a lot of debate as to whether the bug is even remotely exploitable. CERT says no, RedHat says yes (lol), BSD* folks say no.Ah, yes. my favorite Tuesday topic :) Actually, CERT also said it "may" be exploitable, just like RH and Slackware. OBSD/FBSD said it doesn't look exploitable. Debian (kudos) made no statement to the 'exploitivness' of this issue. If ya don't know, don't say. That's still my main gripe. We have a lot of intelligent code reviewers around. The problem in SSHD is a small section of code. Surely we can look at it and determine if it's exploitable or not (the people I talked to said No). Yet everyone believes unsubstantiated rumors and spreads FUD in their advisories... even respectable organizations feed on that FUD.... ... oh crap, I wanted to keep my blood pressure low today.... darn... :) Cheers, Frank
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- sshd-exploit Joerg Weber (Sep 17)
- Re: sshd-exploit Sam Evans (Sep 17)
- Re: sshd-exploit Frank Knobbe (Sep 17)
- Re: sshd-exploit Sam Evans (Sep 17)
- Re: sshd-exploit Joerg Weber (Sep 17)
- Re: sshd-exploit & new RPC!=low blood pressure twig les (Sep 17)
- Re: sshd-exploit Frank Knobbe (Sep 17)
- <Possible follow-ups>
- RE: sshd-exploit Sean T. Ballard (Sep 17)
- RE: sshd-exploit Frank Knobbe (Sep 17)
- Re: sshd-exploit Sam Evans (Sep 17)