[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack
- From: Jacqui Caren <jacqui.caren@xxxxxxxxxxxx>
- Date: Thu, 30 Aug 2012 08:54:45 +0100
On 29/08/2012 19:53, Jeffrey Walton wrote:
> I once used DE Cert to report some issues with GnuPG on Windows.
> Interestingly, I was asked to provide funding for the fix even though
> I submitted sample code demonstrating the fix. (Crowd sourcing is a
> myth - don't drink the Kool-aide).
When I worked for Cray, we found a mbuf allocation issue with solaris.
Ten or so ftp sssions in VERY rapid sucessions could kill a top of the range
sun server - kernel panic/shitty death everytime! :-)
We provided test case, and dev system dump analysis - and even worked out
the assembler tweak to the .a/.so required to eleminate the problem.
Sun's response? - Give us the 20K to fix it.
In the end we manually hacked the .a/.so and shipped the workaround to
our custsomers - IIRC sun fixed it some three or four years later but
it was fun to be able to kill any sun kit so easily using
nothing more a sequence of 20 or so SYN's.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/