Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
On 2003.01.06, Phillip Hofmeister <plhofmei@zionlth.org> wrote:
> On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote:
> > ----- Original Message -----
> > From: <mmhs@hushmail.com <mailto:mmhs@hushmail.com>>
> > To: <bugtraq@securityfocus.com <mailto:bugtraq@securityfocus.com>>
> > Sent: Sunday, January 05, 2003 4:37 AM
> > Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
> > > # gdb sshd 6552
>
> This vulnerability seems to be useless if you have to be able to run gdb
> locally AS ROOT (as demonstrated above)... If I have root access to a
> machine....why am I trying to exploit a vulnerability?
>
> ....ponders....thinks...really hard...
>
> Boy, I can't think of a good reason * :)
>
> * Just because I can't think of a reason does not mean there isn't one.
> Maybe a crazy person can tell me why...
Re-read the announcement. The whole "gdb sshd as root" thing was to
/prove/ the vulnerability exists by explicitly showing you how to verify
where the free() would take place.
They could have put together a working exploit and distributed that as
their way of demonstrating the vulnerability's existance, but the way
they did it is a lot "friendlier" ... prove it exists, but don't give
out working code that exploits it.
-- Dossy
--
Dossy Shiobara mail: dossy@panoptic.com
Panoptic Computer Network web: http://www.panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)
Reply to: