Full Disclosure mailing list archives
Re: SSH Exploit Request
From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 13 Nov 2003 14:12:42 -0600 (CST)
[SNIP]
But... He may work for an organization that a) makes him responsible for function, and isolated from policy influence (possibly broken). b) in which his manager is politically isolated (broken). c) is subject to a DITSCAP-style regime of testing and documentation processes - - not broken! In any case - it is unhelpful an peevishly arrogant to spit out "change your process." O.K. That may be happening over time. What can I do /now/? Not pointing out the obvious - gobbles exploit code - leads to this kind of meta-thread, which has been the cause of so much grievance to some. A simple reply about the exploit and currency would have been entirely on topic for the list!
And of course the gobbles code is old and most likely does not fit the bill for the current need to patch, as was the starting point for the fairly recently secure programming threads. There might not be current sploit code to cover the potential risk his version of openssh/openssl is requiring a patch/fix. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: SSH Exploit Request, (continued)
- Re: SSH Exploit Request Vladimir Parkhaev (Nov 15)
- Re: SSH Exploit Request Valdis . Kletnieks (Nov 15)
- Re: SSH Exploit Request Vladimir Parkhaev (Nov 16)
- Re: SSH Exploit Request Valdis . Kletnieks (Nov 16)
- Re: SSH Exploit Request Jonathan A. Zdziarski (Nov 16)
- spoofing sir kaber (Nov 16)
- Re: SSH Exploit Request Ron DuFresne (Nov 16)
- Re: SSH Exploit Request KF (Nov 14)
- Re: SSH Exploit Request Jeremiah Cornelius (Nov 13)
- Re: SSH Exploit Request Adam (Nov 13)
- Re: SSH Exploit Request Ron DuFresne (Nov 13)
- Re: SSH Exploit Request Florian Weimer (Nov 13)
- Re: SSH Exploit Request Damian Gerow (Nov 13)