Vulnerability Development mailing list archives

Re: Telnetd exploit for solaris

From: fintler <thefintler () yahoo com>
Date: Thu, 6 Sep 2001 21:01:06 -0700 (PDT)

--- Josh Crane <jcrane () bit net au> wrote:

well said..

Or, maybe the exploit is needed to test the patch after it's
applied, to make sure it actually worked to close the hole...
It's not unknown for vendors to release faulty patches that
don't do what they claim, either...


even better as it's more common than people realise.. often the exploits
only need a minor alteration to be reborn anyway.

if you are just a thoughtless admin, and don't attempt to pick up what it is
that the exploits are doing, you will always rely on someone else to get it
done for you... this is a community, pitching in is what it's all about.

Allright, since I seem to be getting flamed, I'll try to respond to this little by little.

If he's researching on how exploits are developed why doesn't he/she take a look at the thousands
of exploits already out there? What's so special about this one?

You say admins use exploits to test their own hardware, but you also mention that after a patch is
applied, it may only prevent that particular version of the exploit to work, while others that are
circulated less, still do. Don't you think that this may provide a false sense of security in
that the admin may now think that the system is no longer vulnerable because that particular
exploit the admin found on bugtraq no longer works? Wouldn't a detailed explanation of the problem
that gets into the specific details (aka advisary) be more useful and cause less problems compared
to something that can be compiled straight off the list?

I don't really see what you mean by community, a community is just a group or ppl who share a
common interest. From my point of view all I see is a *very* small percentage who share an
interest in pitching in, and a very large group that takes that work and uses it for some type of
personal gain. For example, out of the many people who subscribe to bugtraq, how many have ever
thrown their 2 cents in, I'm almost positive it is a small percent.

Did I miss any debates there? Jeez you ppl like to pick everything apart ;P

-fintler <fintler () halfbug com>

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com

Current thread:

Re: Telnetd exploit for solaris, (continued)
- - - Re: Telnetd exploit for solaris H D Moore (Sep 07)
    - Re: Telnetd exploit for solaris James Puckett (Sep 07)
    - Re: Telnetd exploit for solaris Joseph Mallett (Sep 07)
  - Re: Telnetd exploit for solaris Robert A. Seace (Sep 06)
- Re: Telnetd exploit for solaris lazy (Sep 05)
  - Re: Telnetd exploit for solaris Federico Bellizia (Sep 06)
  - Re: Telnetd exploit for solaris sween (Sep 06)
- RE: Telnetd exploit for solaris moran (Sep 06)
- Telnetd exploit for solaris dove (Sep 06)
- Re: Telnetd exploit for solaris Josh Crane (Sep 06)
  - Re: Telnetd exploit for solaris fintler (Sep 06)
    - Re: Telnetd exploit for solaris Gerard Palma (Sep 07)
    - Re: Telnetd exploit for solaris Big Woz (Sep 07)
    - Re: Telnetd exploit for solaris Gnuthad (Sep 08)
  - Re: Telnetd exploit for solaris fintler (Sep 06)
    - Re: Telnetd exploit for solaris Marc Soda (Sep 07)
    - RE: Telnetd exploit for solaris Oliver Petruzel (Sep 07)
- Re: Telnetd exploit for solaris can1s (Sep 07)
- RE: Telnetd exploit for solaris Robert Tillman (Sep 07)
- RE: Telnetd exploit for solaris Korkmaz, Murat (Sep 07)
- RE: Telnetd exploit for solaris Hicks, John (Sep 07)

(Thread continues...)