Full Disclosure mailing list archives
Re: OpenSSH Security Advisory: gcmrekey.adv
From: coderman <coderman () gmail com>
Date: Fri, 8 Nov 2013 12:43:27 -0800
On Fri, Nov 8, 2013 at 10:56 AM, CERT OPS Marienfeldt <cert.marienfeldt () gmail com> wrote:
"If exploited, this vulnerability might permit code execution with the privileges of the authenticated user" might explains the absence ;-)
how many integrations and services auth without shell? /sbin/nologin to /sbin/privescalate ... tough crowd. i leave you to your preauth remote exec fantasies, ;) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 08)
- Re: OpenSSH Security Advisory: gcmrekey.adv yersinia (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv CERT OPS Marienfeldt (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 08)
- <Possible follow-ups>
- Re: OpenSSH Security Advisory: gcmrekey.adv Harry Hoffman (Nov 08)
- Re: OpenSSH Security Advisory: gcmrekey.adv Bob Man Van Kim (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv Bob Man Van Kim (Nov 09)