Snort mailing list archives
RE: sshd-exploit
From: "Sean T. Ballard" <stballard () 4glschools com>
Date: Wed, 17 Sep 2003 11:09:46 -0400
Just because the exploit code itself is not public is no excuse to not be cautious about it. SSH has always a touchy service already, and I try limit its uses in general just because of its exploitive history. -----Original Message----- From: Joerg Weber [mailto:j.weber () infos de] Sent: Wednesday, September 17, 2003 10:56 AM To: Frank Knobbe Cc: Sam Evans; snort-users () lists sourceforge net Subject: Re: [Snort-users] sshd-exploit On Wed, 2003-09-17 at 16:39, Frank Knobbe wrote:
That's still my main gripe. We have a lot of intelligent code
reviewers
around. The problem in SSHD is a small section of code. Surely we can look at it and determine if it's exploitable or not (the people I
talked
to said No).
Well, I for sure would rather say "Uhhm I am not sure, but a wrong offset in memory handling could maybe be exploitable" than "Naw, it's not, trust me". Remember Apache on *BSD when Gobbles showed how it is 'not exploitable'? And I think that with something as widespread as OpenSSH a little bit of activism on the update front cannot harm. I'm pretty sure though that in case it is indeed exploitable we'll see lots of creative work in the comming weeks. Arm your bruteforcer and share the offsets! Anyways. No exploit->no signature. Less work for me ;) Cheers, Joerg -- Joerg Weber Network Security infoServe GmbH Nell-Breuning-Allee 6 D-66115 Saarbruecken T: (0681) 8 80 08 - 0 F: (0681) 8 80 08 - 33 www.infos.de E: j.weber () infos de ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- sshd-exploit Joerg Weber (Sep 17)
- Re: sshd-exploit Sam Evans (Sep 17)
- Re: sshd-exploit Frank Knobbe (Sep 17)
- Re: sshd-exploit Sam Evans (Sep 17)
- Re: sshd-exploit Joerg Weber (Sep 17)
- Re: sshd-exploit & new RPC!=low blood pressure twig les (Sep 17)
- Re: sshd-exploit Frank Knobbe (Sep 17)
- <Possible follow-ups>
- RE: sshd-exploit Sean T. Ballard (Sep 17)
- RE: sshd-exploit Frank Knobbe (Sep 17)
- Re: sshd-exploit Sam Evans (Sep 17)