Full Disclosure mailing list archives
Re: SSH brute force blocking tool
From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 27 Nov 2006 17:00:03 -0500
Michael Holstein wrote:
So I ask you too... Find me any Unix derivative that will allow someone to pass a name, word, place, etc into the 13th column of authlog, then bypass grep which is grep'ing out for decimals.That specially crafted attempt would be a HUGE raping of TCP/IP. How do you supposed it would be possible for someone to insert 0wn3ed or any other variable outside of an IP address?Remember the (in)famous quote "...that vulnerability is purely theoretical..."?I think the point is you don't use $language to split a bunch of fields, and then pipe them back through /bin/sh without making sure they're not malicious.Doesn't matter that you can't think of a way to make them malicious .. somebody else will find one. It's safer to just assume it'll happen and always sanitize variables before you {do_stuff;} with them.(my $0.02) ~Mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- ==================================================== J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government. John Adams
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: SSH brute force blocking tool, (continued)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool gabriel rosenkoetter (Nov 27)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 27)
- Re: SSH brute force blocking tool gabriel rosenkoetter (Nov 27)
- Re: SSH brute force blocking tool Michael Holstein (Nov 27)
- Re: SSH brute force blocking tool Joshua D. Abraham (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool gabriel rosenkoetter (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool Michael Holstein (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool Tonnerre Lombard (Nov 28)
- Re: SSH brute force blocking tool Brian Eaton (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 28)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
- Re: SSH brute force blocking tool J. Oquendo (Nov 28)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
- Re: SSH brute force blocking tool J. Oquendo (Nov 28)
- Re: SSH brute force blocking tool Thierry Zoller (Nov 28)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)