[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] It's all in the details, sapheal

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] It's all in the details, sapheal
From: <sftsi@xxxxxxxxxxxx>
Date: Tue, 02 Jan 2007 19:51:25 +0100

Dear sapheal@xxxxxxx,

could you please supply a lot more details in the advisories that 
you post? They usually just say buffer overflow in DumbServer in 
crappyfunction(), and in case it's true and they are exploitable, 
it's very nice of you to discover them and tell everyone about 
them, but we want to see a lot more detail. What parts of the 
program call the vulnerable function, under what circumstances, 
under what configuration and compilation options, is the involved 
data considered trusted or untrusted, and finally, do you have any 
proof that the overflows are exploitable or are they just crashes 
that you believe to be exploitable?

This goes for other people as well, not just sapheal.

Regards and best wishes for the new year, SFTSI Evil Haxxx0rzzz




Concerned about your privacy? Instantly send FREE secure email, no account 
required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ MDKSA-2007:001 ] - Update libmodplug packages fix buffer overflow vulnerabilities
Next by Date: [Full-disclosure] CarolinaCon 2007 - Call for Speakers/Papers
Previous by thread: [Full-disclosure] [ MDKSA-2007:001 ] - Update libmodplug packages fix buffer overflow vulnerabilities
Next by thread: [Full-disclosure] CarolinaCon 2007 - Call for Speakers/Papers
Index(es):
- Date
- Thread