| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Apr 2007 21:20:33 -0400 From: "Jason Frisvold" <xenophage0@...il.com> To: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net> Cc: stefan.kelm@...orvo.de, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: More information on ZERT patch for ANI 0day On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@...bell.net> wrote: > the community need that they are reacting to. Gadi and the crew work > hard and have my respect for their efforts. Agreed. Previous patches worked as advertised with no adverse side effects here. > If you are willing to evaluate the eEye patch, Zert's should be higher > on your list as well since reportedly it works better than eEye's. eEye's patch only protects from attacks outside of %systemroot%. If an attacker can place a vulnerable file within %systemroot%, all bets are off. ZERT's patch, on the other hand, protects regardless of where the file is located. It specifically prevents the stack overflow condition by blocking chunks larger than 36 bytes from being copied. > Regardless it's a moot point. The real patch is out. > Install that one. It's on Windows update now. ISC is reporting problems with the Microsoft patch. A problem with the Realtek HD Audio Control Panel has been confirmed and patched by Microsoft. Other problems have been reported but no additional information on them has been released at this point., -- Jason 'XenoPhage' Frisvold XenoPhage0@...il.com http://blog.godshell.com
Powered by blists - more mailing lists