RE: Microsoft letdown day

["Altheide, Cory B. (IARC)" <AltheideC () nv doe gov>]

The thing I wonder about is how these loose definitions of "Remote" and
"Vulnerability" would have changed the outcome of the "qmail security
challenge".

http://web.infoave.net/~dsill/dave/qmail/qmail-challenge.html

I can send the administrator an email THROUGH QMAIL telling him to set up a
UID 0 account for me, BAM! REMOTE ROOT.

-- Cory

> -----Original Message-----
> From: dailydave-bounces () lists immunitysec com 
> [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of 
> Aleksander P. Czarnowski
> Sent: Wednesday, January 12, 2005 8:35 AM
> To: dailydave
> Subject: RE: [Dailydave] Microsoft letdown day
>
>
> We're living in a strange world. Since DJB students advisory 
> I am scared of running nasm - good thing I am using masm32 on 
> Windows system - DJB and his students can't get me remotely 
> any time soon ;-) However one remote thing happened - a lot 
> more people now know about DJB's security mailing list. He's 
> advertising genius.
>
> Now I wonder how this bug will influence OpenBSD "Only one 
> remote hole in the default install, in more than 8 years!" slogan:
>
> 010: RELIABILITY FIX: January 10, 2005
> A bug in the tcp(4) stack allows an invalid argument to be 
> used in in calculating the TCP retransmit timeout. By sending 
> packets with specific values in the TCP timestamp option, an 
> attacker can cause a system panic. 
>
> After all you can have a remote vulnerability even after you disable
> (almost) every service (knowing how buggy those services plus 
> kernel are). Just my 2 cents, Cheers, Alex Czarnwoski AVET INS

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave