| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Oct 2007 08:29:27 -0400 From: <full-disclosure@....hush.com> To: <full-disclosure@...ts.grok.org.uk>,<hackbunny@...tpj.org> Cc: bugtraq@...urityfocus.com Subject: Re: Third-party patch for CVE-2007-3896, UPDATE NOW -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nice catch. On Wed, 17 Oct 2007 08:16:21 -0400 "KJK::Hyperion" <hackbunny@...tpj.org> wrote: >KJK::Hyperion ha scritto: >> The present patch is dramatically under-tested and it has >underwent no >> quality assurance procedure whatsoever, so please deploy with >the >> greatest care. > >Indeed, I just found a gruesome memory leak in it. A silly bug, >brown >paperbag-grade shame. If you installed my patch, upgrade RIGHT >THIS >MOMENT NOW or slowly die: > ><http://spacebunny.xepher.net/hack/shellexecutefiasco/> > >For the press guys watching: THIS IS VERY IMPORTANT, more >important than >the original patch was. I don't expect "shitty patch actually >shitty" to >seriously make the big headlines, but, hey, a heads up: there is a >good >reason Microsoft takes a lot of time to put patches out, after >all. I >don't do this for the reputation, either: I already made a U-turn >on my >feelings about the vulnerability, I'm not too proud to admit my >mistakes >(god knows how big the egos can get in FD) > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcWACcACgkQqTTbVuUWvbIeJAQAjMVoG2QOfWjppdB4h8nIoXif0mLW B1UQMSl33D268aEePFAVANvrYnhSQMqjWpuwxLPwDjsW0jgGuGahj3wh6K0Y4C7LGZzw cBO2hPLyxTMYw6ZQS/iM0zYgmPuxz+N+dxsrqHFB2CV0JzKha3yPg02HEAVnmXlFV/RS S/iUqf8= =imp6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists