Full Disclosure mailing list archives

RE: No Subject (re: openssh exploit code?)

From: "V.O." <vosipov () tpg com au>
Date: Wed, 22 Oct 2003 10:21:56 +1000

These paragraphs do more to convince me that the exploit is 
possible than all the rest of the flame war put together. Thanks, 
both of you.



does anybody need a refresher on heap overflows? :)

http://vg.rstack.org/download/l01/bof.pdf (2002 btw)

chapter 3 and 3.6 in particular.

and of course there is Greg Hoglunds blackhat 2000 paper, but it does not deal much with 
heap overwrites, just function pointers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: No Subject (re: openssh exploit code?), (continued)
- RE: No Subject (re: openssh exploit code?) Bassett, Mark (Oct 21)
  - Re: No Subject (re: openssh exploit code?) Richard Massa (Oct 21)
  - RE: No Subject (re: openssh exploit code?) Ron DuFresne (Oct 22)
- No Subject (re: openssh exploit code?) mitch_hurrison (Oct 21)
  - Re: No Subject (re: openssh exploit code?) Dan Wilder (Oct 21)
  - Re: No Subject (re: openssh exploit code?) Helmut Springer (Oct 23)
- RE: No Subject (re: openssh exploit code?) Robert Ahnemann (Oct 21)
- RE: No Subject (re: openssh exploit code?) Robert Ahnemann (Oct 21)
- RE: No Subject (re: openssh exploit code?) Robert Ahnemann (Oct 21)
  - RE: No Subject (re: openssh exploit code?) Montana Tenor (Oct 21)
    - RE: No Subject (re: openssh exploit code?) V.O. (Oct 21)
  - Re: No Subject (re: openssh exploit code?) Kenneth R. van Wyk (Oct 21)
- RE: No Subject (re: openssh exploit code?) Schmehl, Paul L (Oct 21)
- RE: No Subject (re: openssh exploit code?) Generated by a PseudoRandom Number Generator (Oct 21)