mailing list archives
Re: [Rumor] SSH 0-day
From: "Digital Jihad" <auto245326 () hush ai>
Date: Fri, 10 Jul 2009 13:23:30 +0300
-----BEGIN PGP SIGNED MESSAGE-----
It is amazing how easily are people convinced. Every time such a
zine surfaces to the public, most "security experts" rush into
conclusions that have nothing to do with reality. Let us get this
straight, everyone talks about the astalavista incident, but no one
tried to assess the facts behind this attack.
A careful reader would have noticed that in the aforementioned
attack logs, the environment variables SSH_CLIENT and
SSH_CONNECTION are set - although censored. That is only possible
after someone has successfully logged into the system. In fact this
can be seen in the OpenSSH source code and specifically in the file
session.c where one can easily find out that these variables (along
with the whole user environment) are set only after fork() is
called and shortly before the shell (or command) is executed, in
do_child() and do_setup_env() respectively.
We know that it is easy for those, who claim to be "security
experts", to make assumptions, but it takes real expertise to
figure out the facts. That is why most of you will never notice the
actual 0day in the source, which _is_ exploitable but not an one-
shot trivial thing.
Digital Jihad Labs
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
-----END PGP SIGNATURE-----
Getting the lowest homeowner insurance rate? Click here to compare quotes from top companies.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Rumor] SSH 0-day Digital Jihad (Jul 10)