[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4715FD15.9050101@s0ftpj.org>
Date: Wed, 17 Oct 2007 14:16:21 +0200
From: "KJK::Hyperion" <hackbunny@...tpj.org>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: Re: Third-party patch for CVE-2007-3896, UPDATE NOW
KJK::Hyperion ha scritto:
> The present patch is dramatically under-tested and it has underwent no
> quality assurance procedure whatsoever, so please deploy with the
> greatest care.
Indeed, I just found a gruesome memory leak in it. A silly bug, brown
paperbag-grade shame. If you installed my patch, upgrade RIGHT THIS
MOMENT NOW or slowly die:
<http://spacebunny.xepher.net/hack/shellexecutefiasco/>
For the press guys watching: THIS IS VERY IMPORTANT, more important than
the original patch was. I don't expect "shitty patch actually shitty" to
seriously make the big headlines, but, hey, a heads up: there is a good
reason Microsoft takes a lot of time to put patches out, after all. I
don't do this for the reputation, either: I already made a U-turn on my
feelings about the vulnerability, I'm not too proud to admit my mistakes
(god knows how big the egos can get in FD)
Powered by blists - more mailing lists