Full Disclosure mailing list archives
Re: CORE-Impact license bypass
From: Bernhard Mueller <research () sec-consult com>
Date: Wed, 28 Sep 2005 08:58:50 +0200
Valdis.Kletnieks () vt edu wrote:
On Tue, 27 Sep 2005 17:53:58 +0200, Bernhard Mueller said: And note also that "finding a hole" and "be talented enough to create an exploit" are *totally* distinct. I found a rather nasty rootable hole in Sendmail a while back (read the release notes for 8.10.1 and the relevant manpages for the system linker - that gives enough info to figure out what the bug was). Never did create a working exploit for it - I fooled with it for an afternoon and only got as far as proving that if somebody were to spend more than an afternoon on it, they *could* produce a working exploit.
i agree with this. it's often much easier to find a bug than to exploit it (see strange heap overflows and the like), and i also don't have the time to spend days on disassembling and looking for attack vectors (and i'm sure that other people will have more fun doing just that). what i criticize is that *lots* of companies (at least here in my vicinity) are selling cheap "vulnerability assessments" which actually are nothing more than automated security scans. this leads to the customer feeling safe when he's really wide open to attacks. often, these people's networks can be rooted in no time. sure, you don't have to be uber-31337 to do penetration tests (i'm certainly not), but it should definitely go beyond the "scan--+--google-for-exploit" approach. regards, -- _____________________________________________________ ~ DI (FH) Bernhard Mueller ~ IT Security Consultant ~ SEC-Consult Unternehmensberatung GmbH ~ www.sec-consult.com ~ A-1080 Wien Blindengasse 3 ~ Tel: +43/676/840301718 ~ Fax: +43/(0)1/4090307-590 ______________________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: CORE-Impact license bypass, (continued)
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- Re: CORE-Impact license bypass Exibar (Sep 26)
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- RE: CORE-Impact license bypass Marc Maiffret (Sep 26)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 27)
- Re: CORE-Impact license bypass Martin Mkrtchian (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 27)
- Re: CORE-Impact license bypass Andrew Simmons (Sep 27)
- Re: CORE-Impact license bypass Valdis . Kletnieks (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 28)
- Re: CORE-Impact license bypass sk (Sep 28)
- Re: exploit frameworks Dave Aitel (Sep 30)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- Re: CORE-Impact license bypass fd (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 26)