Re: lug-bg: [Fwd: [Full-Disclosure] **NEW** OpenSSH Vuln Today]

[Boris Jordanov]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Georgi Chorbadzhiyski said the following on 24.09.2003 12:19:
| Teodor Georgiev wrote:
|
|>Interesno e obache kak horata meriat vsichko s dvoen arshin...
|>Ako exploita beshe za sendmail, dosega da se beshe napylnil threada s
flame
|>war za tova, kolko bygav e sendmail i che oshte imalo mnogo serveri
|>raboteshti pod sendmail. I kolko stabilen bil qmail i t.n. i t.n.
|>
|>Ama kato izleze exploit v openssh ili apache i vseki sedi i se
pochesva po
|>topkite?
|>Chudno mi e shto ne pluete po ssh?
|
|
| Zashtoto niama "track record" kato sendmail. Da ne govorim che poslednite
| bugove, dosega nikoi ne e dokazal che sa remote exploitable, samo che
| mogat da prichiniat DoS.
|
|
Veche mu se posubra "track record". Citat ot Debian advisory ot 21-vi:

| Package        : ssh
| Vulnerability  : buffer handling
| Problem type   : possible remote
| Debian-specific: no
| CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682
|
| This advisory is an addition to the earlier DSA-382-1 and DSA-382-3
| advisories: Solar Designer found four more bugs in OpenSSH that may be
| exploitable.
possible, ne probably pishe, a po mi e interesen poslednija red.
Exploit-a e "a matter of time".
Naistina, kato izskochi dupka v open ssh - njama rage, pjana po ustata i
prochee, obache ako e za BIND, SENDMAIL, etc... - uhaaaa, disorder
unleashed (pozdrav za Sepultura fenovete) :) Maj v edin moment ste se
okaze, che puskame IPSec m/u podopechnite ni mashini i plustim telnet-i
na volja...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/cWTWKDHlLar/ewgRApqmAJkBwwa5vbNzOOkIE8LRAaFIoVuW/QCfYnCJ
6z0NgzI+1BZtDkFy3VDBMs4=
=Ls2H
-----END PGP SIGNATURE-----
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================