it doesnt contribute to testing, i can assure you there's been enough 'tests' of this exploit.
On Mon, Dec 13, 2010 at 9:32 PM, Cal Leeming [Simplicity Media Ltd] < [email protected]> wrote: > Actually Ryan, I'll think you'll find a lot of people just wanted to > contribute towards testing, as most authors will appreciate the masses > testing on as many systems as possible. > > It's not a case of anyone "showing off", it's simply that a lot of people > simply don't have time to read the "small print". > > On Mon, Dec 13, 2010 at 9:27 PM, Ryan Sears <[email protected]> wrote: > >> Hey Dan, >> >> Freaking THANK YOU first and foremost. I've been waiting for someone to >> say that for days now, and was just about to myself. >> >> Just because everyone and their brother want's to show off that they can >> compile & run some software (herp a derp, good job) DOESN'T mean they should >> immediately post it here. I tested it against an OLDER KERNEL on purpose >> because I actually read the headers and the exploit worked as expected. I >> knew that this was responsibly disclosed, so it was already patched on any >> system that I updated. If you don't have the proper symbols, then the >> exploit doesn't have the proper offsets, and the exploit will fail. Plain >> and simple. *THEN* there's people who don't even bother to read that "Red >> Hat does not support Econet by default". DOES NOT. As in the exploit WON'T >> WORK! >> >> It's pathetic that the original exploit dev has to waste his time saying >> the same thing 5 times. >> >> </rant> >> >> Ryan Sears >> >> ----- Original Message ----- >> From: "dan j rosenberg" <[email protected]> >> To: "Cal Leeming [Simplicity Media Ltd]" < >> [email protected]>, >> [email protected], "Ariel Biener" < >> [email protected]> >> Cc: "leandro lista" <[email protected]>, >> [email protected], [email protected], >> [email protected] >> Sent: Monday, December 13, 2010 4:08:05 PM GMT -05:00 US/Canada Eastern >> Subject: Re: [Full-disclosure] Linux kernel exploit >> >> Please don't inundate me with e-mail because none of you bothered to read >> the exploit header. >> >> The exploit so far has a 100% success rate on the systems it was designed >> to work on. >> >> I don't think this is rocket science. If your distribution does not >> compile Econet, then the exploit obviously won't be able to open an Econet >> socket. This includes Arch Linux, Gentoo, Fedora, Red Hat, CentOS, >> Slackware, and more. This doesn't mean you're not vulnerable, it just means >> this particular exploit won't work. >> >> If your distro doesn't export the relevant symbols (Debian), ditto above. >> >> If your distro has patched the Econet vulnerabilities I used to trigger >> this (Ubuntu), ditto above. >> >> This was done on purpose, to avoid giving a weaponized exploit to people >> who shouldn't have one. >> >> -Dan >> >> >> Sent from my Verizon Wireless BlackBerry >> >> -----Original Message----- >> From: "Cal Leeming [Simplicity Media Ltd]" >> <[email protected]> >> Sender: [email protected] >> Date: Mon, 13 Dec 2010 20:40:45 >> To: Ariel Biener<[email protected]> >> Cc: <[email protected]>; <[email protected]>; < >> [email protected]>; <[email protected]> >> Subject: Re: [Full-disclosure] Linux kernel exploit >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > > -- > > Cal Leeming > > Operational Security & Support Team > > *Out of Hours: *+44 (07534) 971120 | *Support Tickets: * > [email protected] > *Fax: *+44 (02476) 578987 | *Email: *[email protected] > *IM: *AIM / ICQ / MSN / Skype (available upon request) > Simplicity Media Ltd. All rights reserved. > Registered company number 7143564 > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
