Open Source and information security mailing list archives
Message-ID: <20031021103837.M20490@kallisti.se>
From: hdw at kallisti.se (Anders B Jansson)
Subject: No Subject (re: openssh exploit code?)

There are two sets of bad attitude going round and round in this thread,
heating the debate to pure silliness.

One shown by the parties that understand how a buffer overflow with 
only zeroes can be exploited, but who until today have refused to 
even mention the theory behind it, resorting to "if you don't understand
this just shut up and patch your system".

The other shown by the parties who don't understand how a buffer overflow
with only zeroes can be exploited, and who have taken the position of "if I can't 
understand it, it can't exist".

Today we've got the explanation.

Now even I understand how this could be exploited.

<<snip>>
> Fact
> remains that exploiting this issue requires creativity beyond
> the pre-chewed papers. And that's why you're not seeing the regular
> array of mediocre "hackers" producing exploit code. I'd like to
> think that anyone who was capable of writing this exploit also
> recognises the potential impact of releasing it.

But the "array of mediocre hackers" also cry wolf quite often, 
causing admins of 24/365 systems to be a bit selective on when to 
take the system down to patch.
And with a weakness/exploit where 99% of even seasoned admins can't
figure out how it can be exploited, it's not so hard to understand
that several of us say "huh, can anyone explain how this can be an
exploit".

Badly expressed I'm afraid, coming across as "show me a working exploit
and I'll patch, otherwise I'll regard this as a hoax", instead of "can
anyone explain, in theory, how this could be exploited".

End of thread I hope.

// hdw
