lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: dotslash at snosoft.com (KF) Subject: SRT2003-06-12-0853 - ike-scan local root format string issue In most instances I provice in depth gdb details and more than enough information on the bug itself to allow those that need to write an exploit to do so. Full disclosure does not necessarily mean giving out fully working and possibly destructive exploit code. The government disclosed to us an Anthrax problem however they did not simply give you some anthrax to test if your local post office scanned for chemical materials. -KF easctun wrote: > Just out of curiosity, is the below considered Full Disclosure? When a user > has to write the auther for PoC code or further information? > > Thought I'd ask the list as it seems more knowledgeable than I. > > > --- > > >>This advisory was released by Secure Network Operations,Inc. as a matter >>of notification to help administrators protect their networks against >>the described vulnerability. Exploit source code is no longer released >>in our advisories. Contact research@...netops.com for information on how >>to obtain exploit information. >> >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists