Vulnerability Development mailing list archives
Re: Telnetd exploit for solaris
From: "Robert A. Seace" <ras () slartibartfast magrathea com>
Date: Thu, 6 Sep 2001 06:42:34 -0400 (EDT)
In the profound words of fintler:
> --- Labkonto <ppht-15 () mdstud chalmers se> wrote:
> > Anyone here that developed an exploit for the Telnetd buffer overflow on solaris, or know where to get one?
>
> Now why would you possibly want something like that...if you were an admin, you'd just patch your box and forget it. I can only assume you're trying to get into someone else's box, what makes you think I'm going to give you a script so you can get someone fired from their job because you felt like being an 3r3ct skr1pt k1ddi3.
Ah, guilty until proven innocent, eh? Wonderful attitude, that... Since when does wanting access to exploits qualify one as a criminal?? Jesus... Does that make every visitor to SecurityFocus.com's vulnerability database a criminal? After all, in your own words, why would they possibly want access to all those exploits, if they weren't all just evil script kiddies? Give me a break... That's the poorest attempt at arguing against full disclosure that I've ever heard... It's hardly even worth responding to... But, just to humor you...

If you had ever actually administered a system before, you might realize that it's generally not wise to just go around applying every single new patch that comes out to a working, actively-used production server, without any thought to the consequences... Many patches can have bad side-effects and screw up things that were working fine before... (Granted, that's usually MS patches, for the most part, but others are sometimes guilty, as well... ;-)) And, maybe the server is really critical, and every SECOND of downtime comes at great cost; so, management won't ALLOW you to take the thing down long enough to patch it, unless you can clearly demonstrate to them a clear and present danger in its current setup... Or, maybe the exploit is needed to test the patch after it's applied, to make sure it actually worked to close the hole... It's not unknown for vendors to release faulty patches that don't do what they claim, either... Or, maybe the person is just curious, and trying to learn about exploits, by playing with a live one on a box he has the right to screw with, and seeing how it works...

Or, maybe they ARE just a script kiddie... Who knows? But, it doesn't matter, either way: hiding the information, under the guise of some moral superiority, while proclaiming judgement on everyone else, is just stupid and counter-productive...
Anyone who has such an unreleased exploit, and is NOT releasing it to the public at large, is just helping out those very same script kiddies they profess to be guarding against, while at the same time, putting the sysadmins and other honest people that they profess to be on the side of, at a great disadvantage... Hiding information is NEVER a good course of action, and NEVER helps anyone except the bad guys (who still have plenty of ready access to the now hidden info, while the good guys do not)...

--
||========================================================================||
|| Rob Seace      || URL                             || ras () magrathea com  ||
|| AKA: Agrajag   || http://www.magrathea.com/~ras/  || rob () wordstock com  ||
||========================================================================||
"A dead telephone sanitizer?" "Best kind." "But what's he doing here?" "Not a lot." - The Restaurant at the End of the Universe