Message-ID: <Pine.LNX.4.58.0310122353020.9173@cia.zemos.net>
From: booger at unixclan.net (security snot)
Subject: openssh exploit code?

Dearest Sir,

Can you provide any sort of technical argument as to why this bug is not
exploitable?  Or are you going to simply stand behind the typical OpenBSD
zealot view and say it can't be exploited, only because there is not
public "proof of concept" code available?

ISS' X-Forces claim to have created a working proof-of-concept code for
the bug.  Are you calling those respectable young men and women liars?  Or
maybe you're sore because they're responsible for publishing information
on the first remote bug (that was demonstrated to be exploitable, mind
you) for OpenBSD?

Maybe you're from the same cult that claimed negative-length memcpy's
aren't exploitable.  Or one of those who think that the bug-ridden
"privsep" codes used throughout OpenBSD are implemented correctly, thus
adding a worthwhile layer of security to your operating system.  You
probably enjoy the multiple levels of admitted "obscurity features" (check
the Brad Spengler vs. OpenBSD Team threads just about anywhere, Theo's
quotes on w^x being an "obscurity feature" to thwart attacks from lesser
skilled attackers - since after all, the lesser skilled attackers are the
real threat, right?).

So yeah, FUD.  If I told you there are still exploitable preauthentication
bugs in OpenSSH, would that just be FUD too?  FUD until the next advisory
is published on that horribly designed codebase, FUD until the threat is
demonstrated, right?  Bet you'd like to see yourself eat your words, so
you can generate a little more revenue with your security job. . .

So, please, if you're going to take a stance against this bug being
exploitable, let's see what you've done in an attempt to exploit it.
Let's see something definitive showing why it can't be done.

Or keep blindly supporting OpenBSD "The Nearly POSIX Compliant Unix-Like
Operating System With Obscurity Features (tm)" and sounding like a jackass
here.

- the master of mprotect, champion of privilege separation, rapist of theo

Incidentally, on your Ritchie quote - ever stop to think what he'd think of
someone like Theo who can't grasp the simple language used to define the
POSIX standards?  ;)

ps: provide an adequate technical discussion against the exploitability of
this particular bug, and if it proves to be sound I'll release an exploit
for a different unpublished OpenSSH bug for you guys to write up some
advisories on!  (err, must be FUD:)

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Sat, 11 Oct 2003, Henning Brauer wrote:

> On Sat, Oct 11, 2003 at 07:56:50AM -0400, S . f . Stover wrote:
> > Has anyone actually seen exploit code for the Openssh 3.6.1 vulnerability?
> > I've been googling around and while I see people talking about exploit code
>
> they are liars.
> it's FUD.
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> hb@...s.de - henning@...nbsd.org
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)

