Vulnerability Development mailing list archives

Re: Telnetd exploit for solaris


From: "Robert A. Seace" <ras () slartibartfast magrathea com>
Date: Thu, 6 Sep 2001 06:42:34 -0400 (EDT)

In the profound words of fintler:

> --- Labkonto <ppht-15 () mdstud chalmers se> wrote:
> > Anyone here that developed an exploit
> > for the Telnetd buffer overflow on solaris,
> > or know where to get one?
>
> Now why would you possibly want something like that...if you were an admin, you'd just patch your
> box and forget it. I can only assume you're trying to get into someone else's box, what makes you
> think I'm going to give you a script so you can get someone fired from their job because you felt
> like being an 3r3ct skr1pt k1ddi3.

        Ah, guilty until proven innocent, eh?  Wonderful attitude,
that...

        Since when does wanting access to exploits qualify one as
a criminal??  Jesus...  Does that make every visitor to
SecurityFocus.com's vulnerability database a criminal?  After
all, in your own words, why would they possibly want access
to all those exploits, if they weren't all just evil script
kiddies?  Give me a break...  That's the poorest attempt at
arguing against full disclosure that I've ever heard...  It's
hardly even worth responding to...  But, just to humor you...

        If you had ever actually administered a system before,
you might realize that it's generally not wise to just go
around applying every single new patch that comes out to a
working, actively-used production server, without any thought
to the consequences...  Many patches can have bad side-effects
and screw up things that were working fine before...  (Granted,
that's usually MS patches, for the most part, but others are
sometimes guilty, as well... ;-))  And, maybe the server is
really critical, and every SECOND of downtime comes at great
cost; so, management won't ALLOW you to take the thing down
long enough to patch it, unless you can clearly demonstrate
to them a clear and present danger in its current setup...
Or, maybe the exploit is needed to test the patch after it's
applied, to make sure it actually worked to close the hole...
It's not unknown for vendors to release faulty patches that
don't do what they claim, either...

        Or, maybe the person is just curious, and trying to learn
about exploits, by playing with a live one on a box he has the
right to screw with, and seeing how it works...

        Or, maybe they ARE just a script kiddie...  Who knows?
But, it doesn't matter, either way: hiding the information,
under the guise of some moral superiority, while proclaiming
judgement on everyone else, is just stupid and counter-productive...
Anyone who has such an unreleased exploit, and is NOT releasing
it to the public at large, is just helping out those very same
script kiddies they profess to be guarding against, while at
the same time, putting the sysadmins and other honest people
that they profess to be on the side of, at a great disadvantage...
Hiding information is NEVER a good course of action, and NEVER
helps anyone except the bad guys (who still have plenty of ready
access to the now hidden info, while the good guys do not)...

-- 
||========================================================================||
||    Rob Seace    ||               URL              || ras () magrathea com ||
||  AKA: Agrajag   || http://www.magrathea.com/~ras/ || rob () wordstock com ||
||========================================================================||
"A dead telephone sanitizer?" "Best kind." "But what's he doing here?"
"Not a lot." - The Restaurant at the End of the Universe

