Vulnerability Development mailing list archives

Re: proof of exploited code


From: Filip Maertens <filip () securax be>
Date: Thu, 07 Jun 2001 00:16:32 +0200

Fsck,

I am always surprised what kind of personal flames are being directed towards
Theo in person...  As Ryan stated, there is nowhere in this code where the
sockets are properly set up in being used on a remote way, so please step
down and don't even think about "remote exploit".

The only -remote- exploit I have seen -today- is the Pizda.c FTPd exploit
(with a kiddie-alike broken code, this is a no-brainer), which exploits the
LIST boundaries, from the first looks at it.  Please, get your story straight
before posting stuff on this list, and please... get that attitude fixed.

Is it so hard to release code without flaming OpenBSD people (Theo in
particular), or do certain people get off on this ranting?  Since, this
listing is discussing vulnerabilities, ... it has no point in going advocacy,
there are other mailing lists for this, but please...


my worthless .2 cents


Fsck Theo Dumbraadt wrote:

This code shows a remote exploit for OpenBSD versions 2.8 and 2.9
and can now be released to the public to break Theo's 4 years without
remote exploits sayings. I wrote it while people told me it could not
happen on the list so here is your proofs bitch.


[ useless info snipped ]

