Snort mailing list archives

Re: sshd-exploit


From: Joerg Weber <j.weber () infos de>
Date: 17 Sep 2003 16:56:21 +0200

On Wed, 2003-09-17 at 16:39, Frank Knobbe wrote:

> That's still my main gripe. We have a lot of intelligent code reviewers
> around. The problem in SSHD is a small section of code. Surely we can
> look at it and determine if it's exploitable or not (the people I talked
> to said No).

Well, I for sure would rather say "Uhhm I am not sure, but a wrong offset
in memory handling could maybe be exploitable" than "Naw, it's not, trust
me".
Remember Apache on *BSD when Gobbles showed how it is 'not exploitable'?
And I think that with something as widespread as OpenSSH a little bit of
activism on the update front cannot harm.

I'm pretty sure though that in case it is indeed exploitable we'll see
lots of creative work in the coming weeks. Arm your bruteforcer and
share the offsets!

Anyways. No exploit->no signature. Less work for me ;)

Cheers,

Joerg

-- 
Joerg Weber
Network Security

infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken

T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 33
www.infos.de
E: j.weber () infos de
