[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx
Subject: Re: [Full-disclosure] iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability
From: iDefense Labs <labs-no-reply@xxxxxxxxxxxx>
Date: Thu, 04 Oct 2007 14:16:02 -0400

Zaraza,

Thank you for pointing out the misleading text.  The vulnerability is a
signedness error which leads to information disclosure.  We have updated
the advisory to read as follows.

===
negative value can cause large amounts of kernel memory contents to be
disclosed.
===

VeriSign iDefense Labs

> From: 3APA3A <3APA3A_at_SECURITY.NNOV.RU>
> Date: Thu, 4 Oct 2007 20:38:51 +0400
> 
> Dear iDefense Labs,
> 
> Can you please clarify this issue? According to subject it looks like
> information leak (information disclosure) issue, while according to
> description, it looks more like memory leak (Denial of Service) issue.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Life cycle of a hacker by n3td3v
Next by Date: [Full-disclosure] [ GLSA 200710-01 ] RPCSEC_GSS library: Buffer overflow
Previous by thread: Re: [Full-disclosure] iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability
Next by thread: [Full-disclosure] FLEA-2007-0058-1 openssl openssl-scripts
Index(es):
- Date
- Thread