"icanhaze.c" OpenSSH exploit?


"icanhaze.c" OpenSSH exploit?

Dustin Lundquist
Does anyone have any information they can share?

    http://pastebin.com/raw.php?i=gjkivAf3


Thanks,


Dustin Lundquist


Re: "icanhaze.c" OpenSSH exploit?

Denis Fondras
On 06/05/2014 18:50, Dustin Lundquist wrote:
> Does anyone have any information they can share?
>
>     http://pastebin.com/raw.php?i=gjkivAf3
>
>


https://lists.cacert.org/wws/arc/cacert-sysadm/2014-05/msg00001.html


Re: "icanhaze.c" OpenSSH exploit?

Ted Unangst
On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote:
> Does anyone have any information they can share?
>
>     http://pastebin.com/raw.php?i=gjkivAf3

OpenBSD isn't affected, so no need to worry.


Re: "icanhaze.c" OpenSSH exploit?

Franco Fichtner
On 06 May 2014, at 19:32, Ted Unangst <[hidden email]> wrote:

> On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote:
>> Does anyone have any information they can share?
>>
>>    http://pastebin.com/raw.php?i=gjkivAf3
>
> OpenBSD isn't affected, so no need to worry.

Thanks, now I do worry.


Re: "icanhaze.c" OpenSSH exploit?

Giancarlo Razzolini
On 06-05-2014 15:27, Franco Fichtner wrote:
> On 06 May 2014, at 19:32, Ted Unangst <[hidden email]> wrote:
>
>> On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote:
>>> Does anyone have any information they can share?
>>>
>>>    http://pastebin.com/raw.php?i=gjkivAf3
>> OpenBSD isn't affected, so no need to worry.
> Thanks, now I do worry.
>
Ted,

    Could you expand on this? I, myself, do not run that many portable
OpenSSH installations that are internet facing. But there are some and,
all those of course, not running OpenBSD. From what I read of the
pastebin link, it appears to be a scam.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC


Re: "icanhaze.c" OpenSSH exploit?

Ted Unangst
On Tue, May 06, 2014 at 16:30, Giancarlo Razzolini wrote:

> On 06-05-2014 15:27, Franco Fichtner wrote:
>> On 06 May 2014, at 19:32, Ted Unangst <[hidden email]> wrote:
>>
>>> On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote:
>>>> Does anyone have any information they can share?
>>>>
>>>>    http://pastebin.com/raw.php?i=gjkivAf3
>>> OpenBSD isn't affected, so no need to worry.
>> Thanks, now I do worry.
>>
> Ted,
>
>     Could you expand on this? I, myself, do not run that many portable
> OpenSSH installations that are internet facing. But there are some and,
> all those of course, not running OpenBSD. From what I read of the
> pastebin link, it appears to be a scam.

Pretending the post is real, it doesn't list OpenBSD. A weak joke on my
part.


Re: "icanhaze.c" OpenSSH exploit?

Giancarlo Razzolini
On 06-05-2014 16:50, Ted Unangst wrote:

> On Tue, May 06, 2014 at 16:30, Giancarlo Razzolini wrote:
>> On 06-05-2014 15:27, Franco Fichtner wrote:
>>> On 06 May 2014, at 19:32, Ted Unangst <[hidden email]> wrote:
>>>
>>>> On Tue, May 06, 2014 at 09:50, Dustin Lundquist wrote:
>>>>> Does anyone have any information they can share?
>>>>>
>>>>>    http://pastebin.com/raw.php?i=gjkivAf3
>>>> OpenBSD isn't affected, so no need to worry.
>>> Thanks, now I do worry.
>>>
>> Ted,
>>
>>     Could you expand on this? I, myself, do not run that many portable
>> OpenSSH installations that are internet facing. But there are some and,
>> all those of course, not running OpenBSD. From what I read of the
>> pastebin link, it appears to be a scam.
> Pretending the post is real, it doesn't list OpenBSD. A weak joke on my
> part.
>
My gut feeling when I first read your message was that you're joking.
But, since it was a subtle joke, I got suspicious. Better safe than
sorry. Anyway, I hardly believe the post is real. If they *at least*
offered to proof it, by exploiting any ip address provided, then it
would be a little more believable.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC


Re: "icanhaze.c" OpenSSH exploit?

Chris Cappuccio
Giancarlo Razzolini [[hidden email]] wrote:
> My gut feeling when I first read your message was that you're joking.
> But, since it was a subtle joke, I got suspicious. Better safe than
> sorry. Anyway, I hardly believe the post is real. If they *at least*
> offered to proof it, by exploiting any ip address provided, then it
> would be a little more believable.

Well you do have the exploit, after all. Proof it yourself. That's
the whole reason it's called "Proof of Concept"


Re: "icanhaze.c" OpenSSH exploit?

jared r r spiegel
On Tue, May 06, 2014 at 02:32:16PM -0700, Chris Cappuccio wrote:
> Giancarlo Razzolini [[hidden email]] wrote:
> > My gut feeling when I first read your message was that you're joking.
> > But, since it was a subtle joke, I got suspicious. Better safe than
> > sorry. Anyway, I hardly believe the post is real. If they *at least*
> > offered to proof it, by exploiting any ip address provided, then it
> > would be a little more believable.
>
> Well you do have the exploit, after all. Proof it yourself. That's
> the whole reason it's called "Proof of Concept"

  speaking of which, anyone else notice that the 'total 227K' is suspiciously
  less than the '236K icanhaze.c'?

  not like i know every detail of every filesystem ever made, but i haven't
  been able to find one so far where an 'ls -lah' equivalent output of a dir
  reports a size smaller than the largest file in the dir (or equivalent
  block count).

--

  jared
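A small sanity check in the spirit of jared's observation, added here as an example (it is not code from the thread or from the pastebin): parse an `ls -lah` style listing and flag when the `total` line is smaller than the largest regular file. The listing below is constructed to mirror the numbers quoted above (227K total, 236K icanhaze.c).

```python
import re

# Constructed sample listing: same numbers the thread discusses,
# not the actual pastebin content.
SAMPLE_LISTING = """\
total 227K
drwxr-xr-x 2 user user 4.0K May  6 12:00 .
drwxr-xr-x 9 user user 4.0K May  6 11:58 ..
-rw-r--r-- 1 user user 236K May  6 12:00 icanhaze.c
-rw-r--r-- 1 user user 1.2K May  6 12:00 README
"""

# ls -h uses powers of 1024 for K/M/G/T suffixes.
UNITS = {"": 1, "B": 1, "K": 1024, "M": 1024 ** 2,
         "G": 1024 ** 3, "T": 1024 ** 4}
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)([KMGTB]?)$")


def parse_size(token):
    """Convert an ls -h size token such as '236K' or '4.0K' to bytes."""
    m = SIZE_RE.match(token)
    if not m:
        raise ValueError("not a size token: %r" % token)
    return int(float(m.group(1)) * UNITS[m.group(2)])


def check_listing(text):
    """Return (consistent, total_bytes, largest_bytes, largest_name).

    consistent is False when the 'total' line reports less space than
    the largest regular file occupies, which a real listing of
    non-sparse files should never produce."""
    total = None
    largest = (0, None)
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "total" and len(fields) == 2:
            total = parse_size(fields[1])
            continue
        # Only regular files ('-' mode); skip dirs, links, other lines.
        if len(fields) < 9 or not fields[0].startswith("-"):
            continue
        size = parse_size(fields[4])
        name = " ".join(fields[8:])
        if size > largest[0]:
            largest = (size, name)
    if total is None:
        raise ValueError("no 'total' line found")
    return (total >= largest[0], total, largest[0], largest[1])
```

Because `total` counts allocated blocks, a sparse file can legitimately show an apparent size larger than its block usage, so treat a mismatch as a reason to look closer rather than as proof on its own.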


Re: "icanhaze.c" OpenSSH exploit?

Theo de Raadt
> On Tue, May 06, 2014 at 02:32:16PM -0700, Chris Cappuccio wrote:
> > Giancarlo Razzolini [[hidden email]] wrote:
> > > My gut feeling when I first read your message was that you're joking.
> > > But, since it was a subtle joke, I got suspicious. Better safe than
> > > sorry. Anyway, I hardly believe the post is real. If they *at least*
> > > offered to proof it, by exploiting any ip address provided, then it
> > > would be a little more believable.
> >
> > Well you do have the exploit, after all. Proof it yourself. That's
> > the whole reason it's called "Proof of Concept"
>
>   speaking of which, anyone else notice that the 'total 227K' is suspiciously
>   less than the '236K icanhaze.c'?
>
>   not like i know every detail of every filesystem ever made, but i haven't
>   been able to find one so far where an 'ls -lah' equivalent output of a dir
>   reports a size smaller than the largest file in the dir (or equivalent
>   block count).

Three points to make.

1) I love how the hash shows up in the process.  Priceless.  Gotta love PAM.

2) Someone could buy the bug, and give it to us.

3) Or someone could just donate to the OpenBSD Foundation, and we can
   try to arrange a hackathon specifically for OpenSSH development....