The apache chunked issue was not exploitable either... http://www.securityfocus.com/news/493 *gobble gobble*
-KF
Mike Griffin wrote:
To quote the FreeBSD draft advisory taken from freebsd-security: III. Impact
A remote attacker can cause OpenSSH to crash. The bug is not believed to be exploitable for code execution on FreeBSD. --- excerpt ---
So it depends on your definition of remote hole. This doesn't appear to have potential for anything other than DoS.
On 17 Sep 2003 at 6:43, Darren Reed wrote:
In some mail from Edward W. Ray, sie said:
Either your just an ass or an Theo hater or both.
Either way, your comments are without merit. If one looks at the record of OpenBSD and OpenSSH it is certainly way better than the other software out there.
Really ? I think you'll find that there are quite a number of people, aside from myself, who think that the "1 exploit in X years" is on one end of it as misleading and the other end, a lie, excluding this current openssh problem.
But that statement is as much market fodder as much anything else.
As for the "way better", I'll take your comment as a completely subjective comment as the way in which you measure software quality may not be the same as the way I (or others) measure it.
I could go on and cite examples but I don't think that's necessary.
Some people, like you, believe openbsd/openssh is the best software that exists today. Others don't and I'm sure there are examples and counter examples to prove either side. My only advice is try not to take criticism of it personally.
Darren
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
