[Snort-users] sshd-exploit

Frank Knobbe frank at ...9761...
Wed Sep 17 07:40:12 EDT 2003


On Wed, 2003-09-17 at 08:41, Sam Evans wrote:
> I too have heard this, however, there's still a lot of debate as to
> whether the bug is even remotely exploitable.
> 
> CERT says no, RedHat says yes (lol), BSD* folks say no.

Ah, yes. my favorite Tuesday topic :)

Actually, CERT also said it "may" be exploitable, just like RH and
Slackware. OBSD/FBSD said it doesn't look exploitable. Debian (kudos)
made no statement to the 'exploitivness' of this issue. If ya don't
know, don't say.

That's still my main gripe. We have a lot of intelligent code reviewers
around. The problem in SSHD is a small section of code. Surely we can
look at it and determine if it's exploitable or not (the people I talked
to said No).

Yet everyone believes unsubstantiated rumors and spreads FUD in their
advisories... even respectable organizations feed on that FUD....

... oh crap, I wanted to keep my blood pressure low today.... darn... :)

Cheers,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030917/992fc7c7/attachment.sig>


More information about the Snort-users mailing list