OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Mike Tancsa (mike_at_sentex.net)
Date: Mon Jan 06 2003 - 15:39:29 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Yes, it does look a bit odd. There was another posting on bugtraq that says,
    -----------------begin quote
    As some may have gathered, the advisory recently posted by mmhshushmail.com
    was indeed a fake, intended to highlight several unclear statements made in
    GIS2002062801.

    The advisory in question is currently being updated with more detailed
    information and will be
    re-posted at: http://www.globalintersec.com/adv/openssh-2002062801.txt as
    soon as it becomes
    available.

    Note that the kbd-init flaw described in GIS2002062801 was proven to be
    exploitable in our lab
    although not all evidence to demonstrate this was provided in the original
    advisory. A mistake
    was made in the original advisory draft, where chunk content data was
    shown, rather than the
    entire corrupted malloc chunk. This will be amended in the revision.

    Also note that to our knowledge there are currently no known, exploitable
    flaws in OpenSSH 3.5p1,
    due to its use of PAM as suggested by mmhshushmail.com. It is almost
    certain that the posted
    bogus advisory was also intended to cause alarm amongst communities using
    OpenSSH, through
    miss-information.

    Global InterSec LLC.
    ------------------------------end quote--------------

    At 01:27 PM 06/01/2003 -0800, Darren Pilgrim wrote:
    >Mike Tancsa wrote:
    >>FYI, for those not on bugtraq.
    >
    >The "advisory" is suspect.
    >
    >1) The language used in the non-technical parts of the message are
    >immature, detracting from the credibility of the author.
    >
    >2) Most ssh clients sends your logged-in username by default if you don't
    >specify one using the form "user" on the command line. My PAM-disabled
    >versions of OpenSSH do this. For a group that supposedly spent six months
    >researching OpenSSH, you'd think they'd have noticed.
    >
    >>>Date: Sat, 4 Jan 2003 19:37:03 -0800
    >>>To: bugtraqsecurityfocus.com
    >>>Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
    >>>From: mmhshushmail.com

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message