[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] openssh remote exploit

To: Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] openssh remote exploit
From: Blue Boar <BlueBoar@xxxxxxxxxxx>
Date: Tue, 16 Sep 2003 15:41:54 -0700

Darren Reed wrote:

No. Does a vulnerability need an exploit before it becomes a hole ?

A programming error needs to be exploitable before it can be conclusively called a vulnerability or a hole. One doesn't need to create an exploit for it to be exploitable, but it rather nicely answers the question, doesn't it? It also often helps clarify what class of vulnerability it is.

None of which is news to you, you've been around a long time. Are you baiting trolls or what?

BB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Re: openssh remote exploit
  - From: Richard Johnson

References:
- Re: [Full-Disclosure] openssh remote exploit
  - From: Darren Reed

Prev by Date: [Full-Disclosure] GLSA: openssh (200309-11)
Next by Date: RE: [Full-Disclosure] EXPLOIT : RPC DCOM (MS03-039)
Previous by thread: Re: [Full-Disclosure] openssh remote exploit
Next by thread: [Full-Disclosure] Re: openssh remote exploit
Index(es):
- Date
- Thread