Snort mailing list archives

Re: sshd-exploit & new RPC!=low blood pressure


From: twig les <twigles () yahoo com>
Date: Wed, 17 Sep 2003 09:35:59 -0700 (PDT)

This is the excuse everyone needs to lock down their host
firewalls to only a couple source IPs for SSH connections and
review their anti-spoofing ACLs. As for keeping your blood
pressure low ... it's Wednesday, so stay off of Bugtraq. BTW,
there is a 'sploit in the wild for that new(er) MS RPC thingy.
Not much info out yet and I'm trying to avoid the mainstream
media's take on it since they suck. SecurityFocus has a little
article on it, pretty bare.

So buckle up!

--- Frank Knobbe <frank () knobbe us> wrote:
On Wed, 2003-09-17 at 08:41, Sam Evans wrote:
I too have heard this, however, there's still a lot of debate as to
whether the bug is even remotely exploitable.

CERT says no, RedHat says yes (lol), BSD* folks say no.

Ah, yes. My favorite Tuesday topic :)

Actually, CERT also said it "may" be exploitable, just like RH and
Slackware. OBSD/FBSD said it doesn't look exploitable. Debian (kudos)
made no statement to the 'exploitivness' of this issue. If ya don't
know, don't say.

That's still my main gripe. We have a lot of intelligent code reviewers
around. The problem in SSHD is a small section of code. Surely we can
look at it and determine if it's exploitable or not (the people I talked
to said No).

Yet everyone believes unsubstantiated rumors and spreads FUD in their
advisories... even respectable organizations feed on that FUD....

... oh crap, I wanted to keep my blood pressure low today.... darn... :)

Cheers,
Frank






=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------
