lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dotslash at snosoft.com (KF)
Subject: SRT2003-06-12-0853 - ike-scan local root format
 string issue

In most instances I provice in depth gdb details and more than enough 
information on the bug itself to allow those that need to write an 
exploit to do so. Full disclosure does not necessarily mean giving out 
fully working and possibly destructive exploit code.

The government disclosed to us an Anthrax problem however they did not 
simply give you some anthrax to test if your local post office scanned 
for chemical materials.

-KF


easctun wrote:
> Just out of curiosity, is the below considered Full Disclosure? When a user
> has to write the auther for PoC code or further information?
> 
> Thought I'd ask the list as it seems more knowledgeable than I.
> 
> 
> --- 
> 
> 
>>This advisory was released by Secure Network Operations,Inc. as a matter
>>of notification to help administrators protect their networks against
>>the described vulnerability. Exploit source code is no longer released
>>in our advisories. Contact research@...netops.com for information on how
>>to obtain exploit information.
>>
>>
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 



Powered by blists - more mailing lists