frank at ...9761...
Wed Sep 17 07:40:12 EDT 2003
On Wed, 2003-09-17 at 08:41, Sam Evans wrote:
> I too have heard this, however, there's still a lot of debate as to
> whether the bug is even remotely exploitable.
> CERT says no, RedHat says yes (lol), BSD* folks say no.
Ah, yes. my favorite Tuesday topic :)
Actually, CERT also said it "may" be exploitable, just like RH and
Slackware. OBSD/FBSD said it doesn't look exploitable. Debian (kudos)
made no statement to the 'exploitivness' of this issue. If ya don't
know, don't say.
That's still my main gripe. We have a lot of intelligent code reviewers
around. The problem in SSHD is a small section of code. Surely we can
look at it and determine if it's exploitable or not (the people I talked
to said No).
Yet everyone believes unsubstantiated rumors and spreads FUD in their
advisories... even respectable organizations feed on that FUD....
... oh crap, I wanted to keep my blood pressure low today.... darn... :)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users