On 2003.01.06, Phillip Hofmeister <[EMAIL PROTECTED]> wrote:
> On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote:
> > ----- Original Message -----
> > From: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> > To: <bugtraq@securityfocus.com <mailto:bugtraq@securityfocus.com>>
> > Sent: Sunday, January 05, 2003 4:37 AM
> > Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
> > > # gdb sshd 6552
>
> This vulnerability seems to be useless if you have to be able to run gdb
> locally AS ROOT (as demonstrated above)... If I have root access to a
> machine....why am I trying to exploit a vulnerability?
>
> ....ponders....thinks...really hard...
>
> Boy, I can't think of a good reason * :)
>
> * Just because I can't think of a reason does not mean there isn't one.
> Maybe a crazy person can tell me why...

Re-read the announcement. The whole "gdb sshd as root" thing was to
/prove/ the vulnerability exists by explicitly showing you how to verify
where the free() would take place.

They could have put together a working exploit and distributed that as
their way of demonstrating the vulnerability's existence, but the way
they did it is a lot "friendlier" ... prove it exists, but don't give
out working code that exploits it.

-- Dossy

-- 
Dossy Shiobara                       mail: [EMAIL PROTECTED]
Panoptic Computer Network             web: http://www.panoptic.com/
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)