| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Apr 2009 16:54:00 -0400 From: Steve Shockley <steve.shockley@...ckley.net> To: ZDI Disclosures <zdi-disclosures@...pingpoint.com> Cc: bugtraq <bugtraq@...urityfocus.com> Subject: Re: ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability On 4/28/2009 4:39 PM, ZDI Disclosures wrote: > an attacker can overflow that buffer leading > to arbitrary code execution in the context of the SYSTEM user. > -- Disclosure Timeline: > 2007-09-14 - Vulnerability reported to vendor > 2009-04-28 - Coordinated public release of advisory WTF? What ever happened to using the threat of disclosure to get vendors to patch their bugs in a timely manner? They even released new major versions of the product during that time and they're still vulnerable. I guess responsible disclosure (from the consumer's point of view) isn't something polite corporations do.
Powered by blists - more mailing lists