remote kernel exploits?

From: andy_mnat_private
Date: Sun Sep 08 2002 - 04:43:49 PDT


    Hey
    
    I've been hearing about this for the past year, but always shrugged
    it off as fun-and-games at best or FUD at worst. A few days ago, though,
    I posed the question to a friend who has been a very reliable source
    in the past concerning exploit rumors and security gossip (among
    many other things, he was able to give me two weeks' warning about
    the Apache chunked encoding hole). He said in no uncertain terms
    that although he has no substantial information concerning the flaws,
    the Linux kernel, FreeBSD/OpenBSD kernel, and possibly other kernels
    contain remote vulnerabilities that were discovered independently by
    both a Bindview employee and/or an individual using the nickname ~el8.
    
    The bugs are said to have something to do with integer manipulation in
    the kernels' TCP/IP stacks. That's all he was able to offer me, but was
    very forward in saying that he has full confidence based on
    conversations with others that these bugs do indeed exist.
    
    Now, there's always the chance I'll be wrong, but unless someone wishes
    to comment on the technical plausibility of these vulnerabilities, I
    have several second-rate reasons as to why I believe these rumours
    are most likely just figments of the imagination:
    
    - I have not seen any incident reports on Incidents, or any other
    mailing list for that matter.
    
    - You'd think several high profile sites would've been attacked already
    with such devastating exploits, but I've seen no reports of this. In
    fact, if the kids really did have such an exploit, you'd think they'd
    tag their h4ndl3z all over high profile sites. But according to Alldas,
    high profile defacements have been virtually nonexistent in the last
    year or so.
    
    - Given the skill required to craft such an exploit, I'd think it
    would be way out of the grasp of the kids. Since no researcher has
    come forth with such a vulnerability, it's logical to conclude that
    this does not exist.
    
    
    Anyway, I'm very interested in hearing what others have to offer
    concerning these rumors. Even if it's for reassurance ;>
    
    -- Andy
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Sep 09 2002 - 08:34:31 PDT