lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 25 Mar 2004 00:44:33 -0500
From: Dave Aitel <dave@...unitysec.com>
To: bugtraq@...urityfocus.com
Subject: Re: Immunity Advisory: Solaris local kernel root


Casper Dik wrote:

>I wonder why you even bother publishing this; at the time the document
>claims to have been written, half the listed Solaris revisions had already
>patches out for them; Solaris 10, which technically doesn't exist yet, had
>the bug already fixed in its most recent Solaris Express builds.
>  
>

By our math, January 22nd, 2004 is after December 2003, which is when 
this exploit was first made available to Vulnerability Sharing Club 
members. At that point there were no patches for any Solaris, as far as 
we were aware. We would like to think that the additional information we 
provided, including a working exploit, was valuable to many members of 
the information security community.

Thanks,
Dave Aitel
Vice President, Public and Media Relations
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ "Hacking for non assembly programers"
646-327-8429

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ