On Mon, 2003-01-06 at 21:06, Phillip Hofmeister wrote: > On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote: > > ----- Original Message ----- > > From: <mmhs@hushmail.com <mailto:mmhs@hushmail.com>> > > To: <bugtraq@securityfocus.com <mailto:bugtraq@securityfocus.com>> > > Sent: Sunday, January 05, 2003 4:37 AM > > Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > > > # gdb sshd 6552 > > This vulnerability seems to be useless if you have to be able to run gdb > locally AS ROOT (as demonstrated above)... If I have root access to a > machine....why am I trying to exploit a vulnerability? The gdb session is proof of concept. Apparently it is possible to cause the same effect by carefully chosing the data on the sender. No, I've not studied it. cheers -- vbi -- featured link: http://fortytwo.ch/gpg/subkeys
Attachment:
signature.asc
Description: This is a digitally signed message part