[Ti] more 10.2.8 and car analogies
Tarik
tarik at opalblue.com
Thu Oct 2 10:23:22 PDT 2003
On Thursday, October 2, 2003, at 03:36 pm, Jesse Brown wrote:
>> I don't give a rats
>> arse whether or not you enable "remote login". The vulnerability
>> involves a buffer mismanagement problem whereby an attacker can gain
>> root access to the machine via the sshd user process.
>
> The Buffer Management bug you refer to has not been proven to be
> exploitable
I also agree with Jesse that the exploit has not yet been publicly
proven.
We need to be very careful before crying out, as someone did on the
bugtraq mailing list a while ago and then was not able to prove the
exploit.
Obviously we need to be aware that no security is perfect and that a
known "secure" protocol can become "insecure" overnight.
thanks,
Tarik
More information about the Titanium
mailing list