OK, I'm back from my trip. I apologize, I ended up with even less Internet access for the latter half than I thought I would. I've just approved the batch of messages I had waiting. I've dropped most of the rumor thread regarding qmail and SSH2. I guess the Apache rumor was successful (sort of; it was a PHP bug.) I've got a copy of the exploit in the wild, and just approved what claims to be a different exploit (again, don't run any code from here without checking.) I don't know whether I will be able to provide copies of the binary exploit yet. It was made up to some degree to look like a TESO exploit, but there is also evidence to indicate it is not. I don't suppose the actual author would care to go ahead and post the source and take credit now? Since many people now have copies, IDS rules exist, the bug is in the open, etc... AFAIK, there is no legal problem with privately researching a hole, producing an exploit, and sharing it with friends. Unless someone has actual evidence of the SSH2 and/or qmail exploits, I'll consider those dead topics. Even if you were personally r00ted by such, unless you've got a packet capture or something, it does us no good. BB
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 14:47:21 PST