j.weber at ...8292...
Wed Sep 17 07:58:05 EDT 2003
On Wed, 2003-09-17 at 16:39, Frank Knobbe wrote:
> That's still my main gripe. We have a lot of intelligent code reviewers
> around. The problem in SSHD is a small section of code. Surely we can
> look at it and determine if it's exploitable or not (the people I talked
> to said No).
Well, I for sure would rather say "Uhhm I am not sure, but a wrong offset in memory handling could maybe be exploitable" than "Naw, it's not, trust me".
Remember Apache on *BSD when Gobbles showed how it is 'not exploitable'?
And I think that with something as widespread as OpenSSH a little bit of
activism on the update front cannot harm.
I'm pretty sure though that in case it is indeed exploitable we'll see
lots of creative work in the comming weeks. Arm your bruteforcer and
share the offsets!
Anyways. No exploit->no signature. Less work for me ;)
T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 33
E: j.weber at ...8292...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-users