Full Disclosure mailing list archives
remote kernel exploits?
From: blake () mc net (Blake Frantz)
Date: Wed, 18 Sep 2002 10:00:50 -0500
> - I have not seen any incident reports on Incidents, or any other mailing list for that matter.
> - You'd think several high profile sites would've been attacked already with such devastating exploits, but I've seen no reports of this. In fact, if the kids really did have such an exploit, you'd think they'd tag their h4ndl3z all over high profile sites. But according to Alldas, high profile defacements have been virtually nonexistent in the last year or so.
> - Given the skill required to craft such an exploit, I'd think it would be way out of the grasp of the kids.
>
> Since no researcher has come forth with such a vulnerability, it's logical to conclude that this does not exist.

I'll begin by saying that I am not confirming or denying such an exploit exists, simply playing devil's advocate.

As you mention in your 3rd point, the skill required to discover and develop a working exploit for such a vulnerability is far greater than the skill level of a script kiddy. With that in mind, wouldn't it be safe to make the assumption that the people (hypothetically) using this exploit are equally skilled in hiding their presence on the machine? Furthermore, what type of 'incident' would be reported? Interface problems? A web defacement?

I woefully disagree that the person(s) who developed an exploit of this magnitude are going to use it to deface websites. Web defacements are generally the acts of RDS-abusing script kiddies, whom you yourself stated would not be the source of this exploit. IMHO, suggesting that a person of this technical caliber would use their skill to deface websites for pure limelight is like suggesting a world class brain surgeon would expect a Nobel prize for applying a butterfly bandage.

Additionally, script kiddies generally do not understand the legal ramifications of defacing 'high profile' websites that have the bankroll to litigate. It's been my experience that people of the skill level required to develop such an exploit are very aware of possible consequences.

If such an exploit exists, I would expect exactly what is happening now. Nothing but speculation possibly derived from someone leaking info.

In short, you cannot conclude that something does not exist simply because you have not found it.

-Blake