Slashdot Mirror


OpenSSH Local Root Hole

maelstrom writes: "Looks like someone's found a local root exploit for OpenSSH versions between 2.0 and 3.0.2. Seems as though it's a one-off error; there is no public exploit, but there is sure to be one shortly. They aren't ruling out a remote exploit. Recommending patching and upgrading ASAP."

7 of 490 comments

  1. Re:There goes OpenBSD's slogan... by prog-guru · · Score: 0, Troll

    Maybe that will teach them not to install sshd in the base system.

    Same goes for telnetd, named, sendmail, etc.

    --

    chris@xanadu:~$ whatis /.
    /.: nothing appropriate.

  2. Re:Full disclosure = annoying. by Vincepb · · Score: 0, Troll

    Full disclosure is where the script kiddies get their tools.
    Now this is public knowledge, an exploit will be available within hours.

    There is a difference between the people who discover vulnerabilities and those who browse security-focus for them.

    This should have been fixed before it was announced, and a period of time waited for people to upgrade.

    There isn't even a fixed version available for multiple platforms yet, ffs.

    Vince.

    --

    I need a sig.

  3. Re:Full disclosure = annoying. by Vincepb · · Score: 1, Troll

    Please take a look at http://anti.security.is when you have some spare time.

    In particular:

    Q: What's wrong with full disclosure?
    A: Full disclosure attempts to contradict the saying "two wrongs don't make a right" in the sense that it stimulates criminal activities in order to catalyze security awareness. Take the following example: An unrestricted maniac runs around the streets, shooting people in the name of improving security because he aims to increase the public use of bullet-proof vests. And who makes these vests? After everybody is protected by vest v1, the public is complacent, and sales of vest v2 must be stimulated by inventing a shotgun which penetrates the first vest. There is competition in the vest manufacturing business, so they all profit from the development of higher powered munitions. Manufacturers get money, and also lobby for pro-homicidal laws in other countries to spread the market, while innocent people suffer at their expense. The cycle still doesn't end with vest v666, because a newer armor-piercing bullet is in the works. How do you end the rat race? Stop full disclosure!

    Vince.

    --

    I need a sig.

  4. This oughtta teach you open-source folks a lesson! by fobbman · · Score: 0, Troll

    If you'd just keep your source closed like the smart folks at Microsoft then these sorts of bugs would never be found.

  5. I'm going back to telnet by cluge · · Score: 2, Troll

    How many exploits can one "secure" software package have? I mean, Jesus, BSD is fairly secure and this project is supposed to have BSD-style security checks. What went wrong?

    Information like this makes me

    A. Consider purchasing SSH from a commercial source because the AMOUNT of problems with it is less

    B. Go back to telnet!

    Not many people out there with sniffers between my box and my connection. Lots of l33t haX0rS with worms probing port 22.

    --
    "Science is about ego as much as it is about discovery and truth" - I said it, so sue me.

  6. Re:Full disclosure = annoying. by Vincepb · · Score: 0, Troll

    So, armour is revolutionized and becomes 99% unpierceable.
    Next, ammo is revolutionized, and pierces every shot.

    Rinse, repeat.

    We had a mathematics breakthrough recently that made public key crypto shorter than 4k bits almost trivial to crack. I think it was on Slashdot, but I don't remember any links... Either way, the revolution was made, and a lot of encryption is no longer providing the protection it should.

    So, now we use 4k bit encryption or higher. What happens when that becomes trivially cracked?
    8k bit? 128k bit?

    That's the problem: the weapons makers know the specifications, EXACTLY, of the defence mechanisms.

    Unfortunately you are correct, Open Source itself promotes full disclosure, which is part of what's so annoying... Open Source rocks. But full disclosure doesn't. Them's the breaks, I guess?

    Vince.

    --

    I need a sig.

  7. Re:*** Help on upgrading a remote server? by jjeffries · · Score: 1, Troll

    Sure, do it with telnet.