[Snort-users] sshd-exploit & new RPC!=low blood pressure

twig les twigles at ...131...
Wed Sep 17 09:36:12 EDT 2003

This is the excuse everyone needs to lock down their host
firewalls to only a couple source IPs for SSH connections and
review their anti-spoofing acls.  As for keeping your blood
pressure low ... it's Wednesday, so stay off of Bugtraq.  BTW,
there is a 'sploit in the wild for that new(er) MS rpc thingy. 
Not much info out yet and I'm trying to avoid the mainstream
media's take on it since they suck.  Securityfocus has a little
article on it, pretty bare.

So buckle up!

--- Frank Knobbe <frank at ...9761...> wrote:
> On Wed, 2003-09-17 at 08:41, Sam Evans wrote:
> > I too have heard this, however, there's still a lot of
> debate as to
> > whether the bug is even remotely exploitable.
> > 
> > CERT says no, RedHat says yes (lol), BSD* folks say no.
> Ah, yes. my favorite Tuesday topic :)
> Actually, CERT also said it "may" be exploitable, just like RH
> and
> Slackware. OBSD/FBSD said it doesn't look exploitable. Debian
> (kudos)
> made no statement to the 'exploitivness' of this issue. If ya
> don't
> know, don't say.
> That's still my main gripe. We have a lot of intelligent code
> reviewers
> around. The problem in SSHD is a small section of code. Surely
> we can
> look at it and determine if it's exploitable or not (the
> people I talked
> to said No).
> Yet everyone believes unsubstantiated rumors and spreads FUD
> in their
> advisories... even respectable organizations feed on that
> FUD....
> ... oh crap, I wanted to keep my blood pressure low today....
> darn... :)
> Cheers,
> Frank

> ATTACHMENT part 2 application/pgp-signature name=signature.asc

Emo is what happens when the glee club goes punk.       

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

More information about the Snort-users mailing list