Full Disclosure mailing list archives
Re: re: openssh exploit code?
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 20 Oct 2003 14:25:50 -0500
Hey guys, don't want to cause a stir, but here are some thoughts I have since that SSH issue was dear to me when it came out.

On Mon, 2003-10-20 at 05:28, mitch_hurrison () ziplip com wrote:
> What is the added value of anyone disclosing an exploit to you?
Proof that it is indeed exploitable. I personally don't need an exploit, just show me in a discussion where it is exploitable. I still don't believe that the first issue (heap overwritten with 0's) is exploitable other than a DoS. Now the PAM issue probably is, I haven't looked at that.

Just so you know where I'm coming from: I get pretty pissed off when unsubstantiated rumors cause a commotion that everyone is jumping on without having done a review or proof of its existence, especially when it's used to feed the FUD mill. For example, if someone spreads a rumor that the latest version of Apache is exploitable with a remote root exploit (not just DoS) in the mime_module, but while reviewing the code it just doesn't seem possible, then that person making those claims better back it up with some data. Doesn't have to be exploit code, but an analysis that convinces others.
> A) You know the bug exists. B) You know it's probably a good idea to patch it.
heh... Nothing wrong with that statement. However, the severity of the issue (DoS vs. remote-root) would be helpful in determining if admins should yank the boxes during production, or wait to patch after hours.
> But to put your mind at ease. Yes it is exploitable. Will you get an exploit from me? Hell no.
Okay, please show us in discussion where it is exploitable. No need for exploit code to feed the script kiddies, just convince me with an analysis. I still believe that the heap-write-0 issue is not exploitable other than a DoS. If you think it is, please show us how.

Cheers,
Frank