Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH brute force blocking tool

From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 27 Nov 2006 17:00:03 -0500
Michael Holstein wrote:
That specially crafted attempt would be a HUGE raping of TCP/IP. How do you supposed it would be possible for someone to insert 0wn3ed or any other variable outside of an IP address?
Remember the (in)famous quote "...that vulnerability is purely theoretical..."?
I think the point is you don't use $language to split a bunch of fields, and then pipe them back through /bin/sh without making sure they're not malicious.
Doesn't matter that you can't think of a way to make them malicious .. somebody else will find one. It's safer to just assume it'll happen and always sanitize variables before you {do_stuff;} with them. 

(my $0.02)

~Mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
So I ask you too... Find me any Unix derivative that will allow someone to pass a name, word, place, etc into the 13th column of authlog, then bypass grep which is grep'ing out for decimals. 


--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 
The happiness of society is the end of government.
John Adams

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: