[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenSSH Security Advisory: buffer.adv
- To: <misc@cvs.openbsd.org>
- Subject: Re: OpenSSH Security Advisory: buffer.adv
- From: "Dom De Vitto" <dom@DeVitto.com>
- Date: Wed, 17 Sep 2003 15:27:01 +0100
- Organization: Secure Technologies Ltd.
/. are half-saying that an exploit is available (quoting a post that
says one exists, but isn't very credible as it's only from a single
source I don't know/trust/love).
Has anyone heard different and seen the sploit in the wild?
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto Tel. 07855 805 271
http://www.devitto.com mailto:dom@devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
Of Dries Schellekens
Sent: Wednesday, September 17, 2003 2:42 PM
To: Theo de Raadt
Cc: misc@cvs.openbsd.org
Subject: Re: OpenSSH Security Advisory: buffer.adv
On Tue, 16 Sep 2003, Theo de Raadt wrote:
> OOOPS!!!
>
> > > ISS claims on their site to have discovered it...
> > > http://xforce.iss.net/xforce/alerts/id/144
> >
> > But that is now how we became aware of it.
>
> I meant:
>
> But that is NOT how we became aware of it; we became aware because of
> a posting of the function in question by someone on some list.
>
> > I think they want credit though they did not disclose it to the
> > vendor.
>
> Hence, I made this comment.
So again ISS was unable to make a coordinated disclosure.
Cheers,
Dries
--
Dries Schellekens
email: gwyllion@ulyssis.org