Full Disclosure mailing list archives
Re: openssh exploit code?
From: security snot <booger () unixclan net>
Date: Mon, 13 Oct 2003 00:13:14 -0700 (PDT)
Dearest Sir,

Can you provide any sort of technical argument as to why this bug is not exploitable? Or are you going to simply stand behind the typical OpenBSD zealot view and say it can't be exploited, only because there is not public "proof of concept" code available?

ISS' X-Forces claim to have created a working proof-of-concept code for the bug. Are you calling those respectable young men and women liars? Or maybe you're sore because they're responsible for publishing information on the first remote bug (that was demonstrated to be exploitable, mind you) for OpenBSD?

Maybe you're from the same cult that claimed negative-length memcpy's aren't exploitable. Or one of those who think that the bug-ridden "privsep" codes used throughout OpenBSD are implemented correctly, thus adding a worthwhile layer of security to your operating system. You probably enjoy the multiple levels of admitted "obscurity features" (check the Brad Spengler vs. OpenBSD Team threads just about anywhere, Theo's quotes on w^x being an "obscurity feature" to thwart attacks from lesser skilled attackers - since after all, the lesser skilled attackers are the real threat, right?).

So yeah, FUD. If I told you there are still exploitable preauthentication bugs in OpenSSH, would that just be FUD too? FUD until the next advisory is published on that horribly designed codebase, FUD until the threat is demonstrated, right? Bet you'd like to see yourself eat your words, so you can generate a little more revenue with your security job. . .

So, please, if you're going to take a stance against this bug being exploitable, let's see what you've done in an attempt to exploit it. Let's see something definitive showing why it can't be done. Or keep blindly supporting OpenBSD "The Nearly POSIX Compliant Unix-Like Operating System With Obscurity Features (tm)" and sounding like a jackass here.
- the master of mprotect, champion of privilege separation, rapist of theo

Incidentally, on your Ritchie quote - ever stop to think what he'd think of someone like Theo who can't grasp the simple language used to define the POSIX standards? ;)

ps: provide an adequate technical discussion against the exploitability of this particular bug, and if it proves to be sound I'll release an exploit for a different unpublished OpenSSH bug for you guys to write up some advisories on! (err, must be FUD:)

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Sat, 11 Oct 2003, Henning Brauer wrote:
> On Sat, Oct 11, 2003 at 07:56:50AM -0400, S . f . Stover wrote:
>> Has anyone actually seen exploit code for the Openssh 3.6.1 vulnerability? I've been googling around and while I see people talking about exploit code
>
> they are liars. it's FUD.
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> hb () bsws de - henning () openbsd org
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- openssh exploit code? S . f . Stover (Oct 11)
- Re: openssh exploit code? Henning Brauer (Oct 11)
- Re: openssh exploit code? S . f . Stover (Oct 11)
- Re: openssh exploit code? security snot (Oct 13)
- Re: openssh exploit code? Henning Brauer (Oct 13)
- Re: openssh exploit code? security snot (Oct 13)
- Re: openssh exploit code? Henning Brauer (Oct 13)
- Re: openssh exploit code? Daniel (Oct 13)
- Re: openssh exploit code? Henning Brauer (Oct 11)
- Re: openssh exploit code? Peter Busser (Oct 13)
- Re: openssh exploit code? Ted Unangst (Oct 13)
- Re: openssh exploit code? Henning Brauer (Oct 13)
- Re: openssh exploit code? Shawn McMahon (Oct 13)
- Re: openssh exploit code? S . f . Stover (Oct 19)
- <Possible follow-ups>
- re: openssh exploit code? mitch_hurrison (Oct 20)