Re: No Subject (re: openssh exploit code?)

["Anders B Jansson" <hdw () kallisti se>]

There's two sets of bad attitude going round and round in this thread.
Heating the debate to pure sillyness.

One shown by the parties that understand how a buffer overflow with 
only zeroes can be exploited, but who until today have refused to 
even mention the theory behind it. Resorting to "if you don't understand
this just shut up and patch your system".

The other shown by the parties who don't understand how a buffer overflow
with only zeroes can be exploited, and taken the position of "if I can't 
understand it, it can't exist".

Today we've got the explaination.

Now even I understand how this could be exploited.

<<snip>>
> Fact
> remains that exploiting this issue requires creativity beyond
> the pre-chewed papers. And that's why you're not seeing the regular
> array of mediocre "hackers" producing exploit code. I'd like to
> think that anyone who was capable of writing this exploit also
> recognises the potential impact of releasing it.

But the "array of mediocre hackers" also scream wolf quite often, 
causing admins of 24/365 system to be a bit selective on when to 
take the system down to patch.
And with a weakness/exploit that 99% of even seasoned admins can't
figure out how it can be an exploit it's not so hard to understand
that several of us say "huh, can anyone explain how this can be an
exploit".

Badly expressed I'm afraid, coming across as "show me a working exploit
and I'll patch, otherwise I'll regard this a a hoax", instead of "can
anyone explain, in theory, how this could be exploited".

End of thread I hope.

// hdw

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html