Hi all, Many people have asked us about an alleged proof of concept named "7etsuo-regreSSHion.c": it is not a proof of concept, it is essentially empty code (it might even be dangerous to compile and execute, we have not checked). It is not just the shellcode that is missing, everything else is missing too: the key-exchange code does nothing, the public-key code does nothing useful, etc etc.
It looks great but it does nothing. A working proof of concept for this vulnerability will be much longer and complex, and will take much more time to write than this. Thank you very much! With best regards, -- the Qualys Security Advisory team
