[Snort-users] sshd-exploit

Sam Evans sam at ...5202...
Wed Sep 17 07:47:11 EDT 2003


Of course, that's how the world works my friend.  We operate and thrive in
FUD.. lol

Look at what the US Government said a while back about how everyone should
make a safe room in the event of a biological attack, by buying loads and
loads of Plastic sheeting and duct tape.. LOL!

Oh well, I'll wait until I hear of an actual exploit before I put my
server in plastic and duct tape.. lolol

-Sam


On Wed, 17 Sep 2003, Frank Knobbe wrote:

> On Wed, 2003-09-17 at 08:41, Sam Evans wrote:
> > I too have heard this, however, there's still a lot of debate as to
> > whether the bug is even remotely exploitable.
> >
> > CERT says no, RedHat says yes (lol), BSD* folks say no.
>
> Ah, yes. my favorite Tuesday topic :)
>
> Actually, CERT also said it "may" be exploitable, just like RH and
> Slackware. OBSD/FBSD said it doesn't look exploitable. Debian (kudos)
> made no statement to the 'exploitivness' of this issue. If ya don't
> know, don't say.
>
> That's still my main gripe. We have a lot of intelligent code reviewers
> around. The problem in SSHD is a small section of code. Surely we can
> look at it and determine if it's exploitable or not (the people I talked
> to said No).
>
> Yet everyone believes unsubstantiated rumors and spreads FUD in their
> advisories... even respectable organizations feed on that FUD....
>
> ... oh crap, I wanted to keep my blood pressure low today.... darn... :)
>
> Cheers,
> Frank
>
>




More information about the Snort-users mailing list