Re: [Full-disclosure] [Rumor] SSH 0-day

It is amazing how easily people are convinced. Every time such a
zine surfaces to the public, most "security experts" rush to
conclusions that have nothing to do with reality. Let us get this
straight: everyone talks about the astalavista incident, but no one
tried to assess the facts behind this attack.

A careful reader would have noticed that in the aforementioned
attack logs, the environment variables SSH_CLIENT and
SSH_CONNECTION are set - although censored. That is only possible
after someone has successfully logged into the system. In fact this
can be seen in the OpenSSH source code and specifically in the file
session.c where one can easily find out that these variables (along
with the whole user environment) are set only after fork() is
called and shortly before the shell (or command) is executed, in
do_child() and do_setup_env() respectively.

We know that it is easy for those who claim to be "security
experts" to make assumptions, but it takes real expertise to
figure out the facts. That is why most of you will never notice the
actual 0day in the source, which _is_ exploitable but not a
one-shot trivial thing.

Kind regards,
Digital Jihad Labs
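
Added example, not part of the original message: a small Python triage helper that applies the message's reasoning to an environment dump taken from a log. The sample dump is constructed, the function names are hypothetical, and the field layouts assumed are OpenSSH's `SSH_CLIENT` (client address, client port, server port) and `SSH_CONNECTION` (client address, client port, server address, server port).

```python
import re

# Constructed sample: an environment dump as it might appear in a published
# log, with the addresses censored by whoever published it.
SAMPLE_DUMP = """\
USER=root
HOME=/root
SSH_CLIENT=xxx.xxx.xxx.xxx 51515 22
SSH_CONNECTION=xxx.xxx.xxx.xxx 51515 yyy.yyy.yyy.yyy 22
SHELL=/bin/bash
"""

ENV_LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

def parse_env(dump):
    """Collect KEY=VALUE pairs from a text dump, ignoring other lines."""
    env = {}
    for line in dump.splitlines():
        m = ENV_LINE.match(line.strip())
        if m:
            env[m.group(1)] = m.group(2)
    return env

def ssh_session_evidence(dump):
    """Report whether the dump carries the variables sshd sets for a session."""
    env = parse_env(dump)
    client = env.get("SSH_CLIENT", "").split()
    conn = env.get("SSH_CONNECTION", "").split()
    # Either variable being present places the process inside (or below) a
    # session child, i.e. after a successful login, even if values are censored.
    result = {"post_auth": bool(client or conn), "client": None,
              "server": None, "consistent": None}
    if len(conn) == 4:
        result["client"] = (conn[0], conn[1])
        result["server"] = (conn[2], conn[3])
    elif len(client) == 3:
        result["client"] = (client[0], client[1])
        result["server"] = (None, client[2])
    # When both are present they must describe the same connection.
    if len(conn) == 4 and len(client) == 3:
        result["consistent"] = client == [conn[0], conn[1], conn[3]]
    return result
```

A `consistent` value of `False` means the two variables disagree, which suggests the dump was edited or assembled from more than one session.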

