Scott Harney wrote:
> This confluence of events coupled with the critical nature of the ssh
> service is a big deal in my book. some discussion on the list assert
> that it is not an exploitable hole but a DoS (sshd will crash). That's still
> a big deal in my book.
It doesn't take long at all to write an exploit for a published buffer
overflow. You want a link? EFNet.
And even though it's not an exploit, but a Dos, that'll really cause
problems to people who remote admin their boxen. Especially coupled
with an established exploit, so the admin can't login to patch things up
while their machine remains under the control of some whacker.
-- Alex McKenzie alex@boxchain.com http://www.boxchain.com ___________________ Nolug mailing list nolug@nolug.orgReceived on 09/16/03
This archive was generated by hypermail 2.2.0 : 12/19/08 EST