Dearest Sir,

Can you provide any sort of technical argument as to why this bug is not exploitable? Or are you going to simply stand behind the typical OpenBSD zealot view and say it can't be exploited, only because there is no public "proof of concept" code available?

ISS' X-Force claims to have created working proof-of-concept code for the bug. Are you calling those respectable young men and women liars? Or maybe you're sore because they're responsible for publishing information on the first remote bug (that was demonstrated to be exploitable, mind you) for OpenBSD?

Maybe you're from the same cult that claimed negative-length memcpy's aren't exploitable. Or one of those who think that the bug-ridden "privsep" code used throughout OpenBSD is implemented correctly, thus adding a worthwhile layer of security to your operating system. You probably enjoy the multiple levels of admitted "obscurity features" (check the Brad Spengler vs. OpenBSD Team threads just about anywhere, Theo's quotes on w^x being an "obscurity feature" to thwart attacks from lesser skilled attackers - since after all, the lesser skilled attackers are the real threat, right?).

So yeah, FUD. If I told you there are still exploitable preauthentication bugs in OpenSSH, would that just be FUD too? FUD until the next advisory is published on that horribly designed codebase, FUD until the threat is demonstrated, right? Bet you'd like to see yourself eat your words, so you can generate a little more revenue with your security job...

So, please, if you're going to take a stance against this bug being exploitable, let's see what you've done in an attempt to exploit it. Let's see something definitive showing why it can't be done. Or keep blindly supporting OpenBSD "The Nearly POSIX Compliant Unix-Like Operating System With Obscurity Features (tm)" and sounding like a jackass here.

- the master of mprotect, champion of privilege separation, rapist of theo

Incidentally, on your Ritchie quote - ever stop to think what he'd think of someone like Theo who can't grasp the simple language used to define the POSIX standards? ;)

ps: provide an adequate technical discussion against the exploitability of this particular bug, and if it proves to be sound I'll release an exploit for a different unpublished OpenSSH bug for you guys to write up some advisories on! (err, must be FUD :)

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Sat, 11 Oct 2003, Henning Brauer wrote:

> On Sat, Oct 11, 2003 at 07:56:50AM -0400, S . f . Stover wrote:
> > Has anyone actually seen exploit code for the Openssh 3.6.1 vulnerability?
> > I've been googling around and while I see people talking about exploit code
> > they are liars.
>
> it's FUD.
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> [EMAIL PROTECTED] - [EMAIL PROTECTED]
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html