lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [month] [year] [list] 
Date: Thu, 04 Oct 2007 14:16:02 -0400
From: iDefense Labs <labs-no-reply@...fense.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	vulnwatch@...nwatch.org
Subject: Re: iDefense Security Advisory 10.02.07: Sun Microsystems Solaris
 FIFO FS Information Disclosure Vulnerability

Zaraza,

Thank you for pointing out the misleading text.  The vulnerability is a
signedness error which leads to information disclosure.  We have updated
the advisory to read as follows.

===
negative value can cause large amounts of kernel memory contents to be
disclosed.
===

VeriSign iDefense Labs

> From: 3APA3A <3APA3A_at_SECURITY.NNOV.RU>
> Date: Thu, 4 Oct 2007 20:38:51 +0400
> 
> Dear iDefense Labs,
> 
> Can you please clarify this issue? According to subject it looks like
> information leak (information disclosure) issue, while according to
> description, it looks more like memory leak (Denial of Service) issue.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux