
Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS



On 2003.01.06, Phillip Hofmeister <plhofmei@zionlth.org> wrote:
> On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote:
> > ----- Original Message ----- 
> > From: <mmhs@hushmail.com>
> > To: <bugtraq@securityfocus.com>
> > Sent: Sunday, January 05, 2003 4:37 AM 
> > Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS 
> > > # gdb sshd 6552
> 
> This vulnerability seems to be useless if you have to be able to run gdb
> locally AS ROOT (as demonstrated above)... If I have root access to a
> machine....why am I trying to exploit a vulnerability?
> 
> ....ponders....thinks...really hard...
> 
> Boy, I can't think of a good reason * :)
> 
> * Just because I can't think of a reason does not mean there isn't one.
>     Maybe a crazy person can tell me why...

Re-read the announcement.  The whole "gdb sshd as root" thing was to
/prove/ the vulnerability exists by explicitly showing you how to verify
where the free() would take place.

They could have put together a working exploit and distributed that as
their way of demonstrating the vulnerability's existence, but the way
they did it is a lot "friendlier" ... prove it exists, but don't give
out working code that exploits it.

-- Dossy

-- 
Dossy Shiobara                       mail: dossy@panoptic.com 
Panoptic Computer Network             web: http://www.panoptic.com/ 
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)


