lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20031210065443.28b35b12.pldaniels@pldaniels.com>
Date: Wed, 10 Dec 2003 06:54:43 +1000
From: Paul L Daniels <pldaniels@...aniels.com>
To: bugtraq@...urityfocus.com
Subject: Re: ebola 0.1.4 remote exploit


Please note that this has also been fixed in 0.1.5 which has been available now for well over a week (Thanks to KF's
work at Snosoft).

There were many 'exploits' in version 0.1.4 due to the use of sprintf() calls through out the codebase.  These have all
been changed over to the safer usage of snprintf().  Certainly there may still be more exploits in the codebase as the
codebase is no longer actively maintained (apart from when I receive bug/exploit reports), hence it would only be
productive to use the latest release for your hunting.

Furthermore, I believe there's a proceedure and protocol for disclosure of bugs/exploits, please, I would appeciate it
if in future that was used.

Regards.

-- 
Paul L Daniels    http://www.pldaniels.com
Linux/Unix systems    Internet Development
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
A.B.N. 19 500 721 806

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ