Snort mailing list archives
Re: sshd-exploit & new RPC!=low blood pressure
From: twig les <twigles () yahoo com>
Date: Wed, 17 Sep 2003 09:35:59 -0700 (PDT)

This is the excuse everyone needs to lock down their host firewalls to only a couple source IPs for SSH connections and review their anti-spoofing acls. As for keeping your blood pressure low ... it's Wednesday, so stay off of Bugtraq.

BTW, there is a 'sploit in the wild for that new(er) MS rpc thingy. Not much info out yet and I'm trying to avoid the mainstream media's take on it since they suck. Securityfocus has a little article on it, pretty bare. So buckle up!

--- Frank Knobbe <frank () knobbe us> wrote:

On Wed, 2003-09-17 at 08:41, Sam Evans wrote:

I too have heard this, however, there's still a lot of debate as to whether the bug is even remotely exploitable. CERT says no, RedHat says yes (lol), BSD* folks say no.

Ah, yes. my favorite Tuesday topic :)

Actually, CERT also said it "may" be exploitable, just like RH and Slackware. OBSD/FBSD said it doesn't look exploitable. Debian (kudos) made no statement to the 'exploitivness' of this issue. If ya don't know, don't say.

That's still my main gripe. We have a lot of intelligent code reviewers around. The problem in SSHD is a small section of code. Surely we can look at it and determine if it's exploitable or not (the people I talked to said No). Yet everyone believes unsubstantiated rumors and spreads FUD in their advisories... even respectable organizations feed on that FUD....

... oh crap, I wanted to keep my blood pressure low today.... darn... :)

Cheers,
Frank