lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: frank at knobbe.us (Frank Knobbe)
Subject: re: openssh exploit code?

Hey guys,

don't want to cause a stir, but here are some thoughts I have since that
SSH issue was dear to me when it came out.

On Mon, 2003-10-20 at 05:28, mitch_hurrison@...lip.com wrote:
> What is the added value of anyone
> disclosing an exploit to you? 

Proof that it is indeed exploitable. I personally don't need an exploit,
just show me in a discussion where it is exploitable. I still don't
believe that the first issue (heap overwritten with 0's) is exploitable
other than a DoS. Now the PAM issue probably is, I haven't looked at
that.

Just so you know where I'm coming from: I get pretty pissed off when
unsubstantiated rumors cause a commotion that everyone is jumping on
without having done a review or proof of its existence, especially when
it's used for feed the FUD mill. For example, if someone spreads a rumor
that the latest version of Apache is exploitable with a remote root
exploit (not just DoS) in the mime_module, but while reviewing the code
it just doesn't seem possible, then that person making those claims
better back it up with some data. Doesn't have to be exploit code, but
an analysis that convinces others.

> A) You know the bug exists. 
> B) You know it's probably a good idea to patch it. 

heh... Nothing wrong with that statement. However, the severity of the
issue (DoS vs. remote-root) would be helpful in determining if admins
should yank the boxes during production, or wait to patch after hours.

> But to put your mind at ease. Yes it is exploitable. Will you
> get an exploit from me? Hell no. 

Okay, please show us in discussion where it is exploitable. No need for
exploit code to feed the script kiddies, just convince me with an
analysis. 

I still believe that the heap-write-0 issue is not exploitable other
than a DoS. If you think it is, please show us how.


Cheers,
Frank



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031020/71dff203/attachment.bin

Powered by blists - more mailing lists