[Full-Disclosure] SSH Exploit Request
gui at goddessmoon.org
Thu Nov 13 21:55:45 GMT 2003
> Carefully read the subtext in his note. He would like an exploit if
> possible (or at least that's his claim) so that he can prove to someone
> else that yes, it DOES need to be patched, right now. I.e. he's got a
> boss with pointy hair that isn't cooperating.
> You don't have to believe his story. Having dealt with many bosses (my
> own, or someone else's) exactly like that, I'm willing to entertain his
> Calling the admin who wants to apply the patch, but isn't allowed to
> without jumping through hoops, lazy or stupid doesn't help anyone.
Uhm, if his boss is that way to an admin that's asked to secure a box/set of
computers I personally wouldn't work there. There is too much on my head
Your boss should respect what you say and what you know and allow you to do
your job instead of wanting to do it himself.
Anyhow, I personally don't want a DCOM For nix... Since I know of a LOT of
boxes that haven't been patched yet. There is really no need for a 'box and
shipped' version of the vuln. There is a whitepaper out... Go read it and
figure it out yourself.
Full-Disclosure is hosted and sponsored by Secunia.