lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 24 Apr 2007 17:26:59 -0500
From: Simple Nomad <thegnome@...c.org>
To: mike20061005@...mail.co.za
Cc: bugtraq@...urityfocus.com
Subject: Re: 3Com's TippingPoint Denial of Service

<snip>

> Details:
> ========
> 
> When quickly flooded with packets destined for port 80, and an incrementing
> source port this causes the software to consume a huge amount of CPU time,
> due to a badly written loop, causing the device to stop responding.

Any more details? Have you notified the vendor? As one who has released
lame advisories in the past, I had the decency to label them as lame.
Unless you provide some details or some collaboration with TippingPoint,
I will call shenanigans.

Here is my latest lame advisory:

A series of evil packets will cause me to have remote root access to
Windows, Linux, and MacOS/X. Due to the nature of the vulnerability, I
will not be releasing any details. In fact, it is so secret even *I*
don't know the details, but I am *positive* that when I see someone else
post my work, I should get full credit, right?

Right?

-SN



Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ