Hi Attica,

That's a fine example of the whitehat leech mentality you're displaying there. Why do you insist on being so dependent on other people's findings? You're supposed to be some sort of "security" expert, no? Well, here's an idea: how about you go research the bug yourself and base any conclusions on exploitability on that, instead of begging the people who put in the work to disclose their research. What is the added value of anyone disclosing an exploit to you?
A) You know the bug exists. B) You know it's probably a good idea to patch it. So I don't see what the big deal is with it being exploitable or not. The fact that you don't have the skills to independently research and exploit the ossh nul overflow has no bearing on the fact that you should patch your openssh daemons. So unless you plan on owning a bunch of boxen, mr. stackheap (!?), I don't see why the likes of you would need any confirmation or even working exploit code. Disclosing an exploit would at this stage only cause a lot of senseless hacking.

But to put your mind at ease: yes, it is exploitable. Will you get an exploit from me? Hell no. And I doubt that anyone who put in the research time would just give up their work like that. There is absolutely no justification for the public disclosure of an exploit for this issue. It's been recognised as a security issue and people have been advised to patch. Again, putting an exploit in the hands of the greedy and clueless is not something I would want to be responsible for. And I doubt any sensible person would release an exploit for this issue, be it only because successful exploitation of the bug requires abuse of a lesser but still unknown issue which ensures a favorable heap layout. I seriously hope no one falls for the trap of releasing exploit code to "prove" a point. Ignorance is bliss. If you can't write the exploit, you don't need the exploit. End of story.

With regards,
Mitch


Well, this thread didn't quite go like I had planned. ;-) I did have someone contact me off-list and say that he had a vulnerable sshd server that was owned - he wasn't certain that it was this exploit, but he thought it was (not sure why - he didn't say). I'm working on getting the trace for analysis - will post if I get it (and it's OK w/ the source).
So it seems to me (ranting aside) that it MIGHT be exploitable, and there MIGHT be code out there to do it, but my issue remains: until I see source or a PoC I won't know for sure. Does anyone who knows for sure feel like contributing?

-- 
aka Dolph Longhorn [EMAIL PROTECTED]
GPG Key ID: 0xF8F859D0 http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index
"There is no such thing as right and wrong, there's just popular opinion." -Jeffrey Goines

_______________________________________________
Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html