Full Disclosure mailing list archives
Re: Exploit for auth2-pam for vuln linux opensshd
From: ATD <simon () snosoft com>
Date: 09 Jan 2003 10:56:08 -0500
Are you perfect?

On Wed, 2003-01-08 at 22:54, Jack Ahz wrote:

Dear reader,

Yours truly would like to note the following: Globalintersec Research is a hoax. Unbelievably, the only thing that makes me angrier than a 0day factory like ISS, which churns out advisory after advisory due to the unethical and illegal auditing of proprietary source code found on irc and plan9.hert.org, is a security company consisting of complete morons that is able to make money (SOMEHOW) by completely fooling the public. KF, of GLOBALINTERSEC SECURITY, THIS MEANS YOU!

Note: At least ISS uses illegal means and genuine skills to audit proprietary source code and find real, useful bugs.

Let's think about it. KF MADE THIS POST TO VULN-DEV:

-----------------------------
My question is does anyone know how to programmatically do this? Do I need to make use of bit shifting or something? I need only a program to print the list to the screen or something simple. Example output would be ... AAAA BBBBB .... AAAB AAAC ... and so on but ONLY unique possibilities.
-KF
-----------------------------

NOTE THAT NOT EVEN THIS QUESTION WAS ERROR-FREE (THE SECOND ENTRY HAS 5 B'S)

So are we to believe that somebody lacking the most basic C-skillz is able to craft an exploit for opensshd for linux? Is it not apparent that if this bug were easily exploitable, SOME FUCKING IDIOT would have already posted the exploit to packetstorm, like MR ZENITH PARSEC?

KF continues in his vuln-dev post, "Hah this is great... and to think a simple question like that stumped my local java AND c++ instructors." Where did you go to school, the University of Swaziland?

Anyhow, I am straying off topic. Let not my hate of the KF cloud my message. The point is this: I have looked through the auth2-pam.c file a while ago, and determined that the sshd daemon was certainly not exploitable in the way which was described in the advisory, due to certain counter variables and corruption of the heap. Now, this was a while ago, and I'm only going by what my own memory serves up.

The same goes for the FAKE GLOBALINTERSEC sudo advisory. It is quite apparent that the gdb output was fabricated. Running neither one of those programs with a few simple commands will cause some textbook heap corruption scenario where the malloc chunk headers are 'merely overwritten' by a long string of A's. Even Mr. FC could have crafted up an exploit in less than 8 months IF THAT WERE THE CASE.

Solution: KF[GLOBALINTERSEC], admit to the world that you are a fraud and faked gdb output in an effort to gain fame. At least I applaud you for not signing your name as 'KF' to your advisories. Globalintersec would have certainly been out of business by now if that were the case. If KF admits he is a liar, this will all stop.

Potential Counter-Solution: Say KF does not admit he is a fraud. I will be forced to go back through a pile of old worthless code to show that his exploitable condition is impossible (which is not to say at all that exploitation in some way is impossible).

-- END --

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--
ATD <simon () snosoft com>
Secure Network Operations, Inc.
Current thread:
- Exploit for auth2-pam for vuln linux opensshd Jack Ahz (Jan 08)
- Re: Exploit for auth2-pam for vuln linux opensshd (KF's fake HPUX exploit with fake gdb output included free!) KF (Jan 08)
- Re: Exploit for auth2-pam for vuln linux opensshd ATD (Jan 09)