Open Source and information security mailing list archives
 
Message-ID: <021e01c333f9$6a77df60$c71121c2@exchange.sharpuk.co.uk>
From: DaveHowe at gmx.co.uk (Dave Howe)
Subject: SRT2003-06-12-0853 - ike-scan local root format string issue

easctun wrote:
> Just out of curiosity, is the below considered Full Disclosure? When
> a user has to write the author for PoC code or further information?
Yes, it is. We may not like it - but it is the absolute right of the finder
to release as much or as little of the exploit and/or advisory as they want
to, when they want to (bearing in mind reasonable notification of the vendor
of course).
Any finder is as entitled to post "bug found, vendor $VENDOR notified,
details may follow later" as a disclosure; obviously, that will impact both
their credibility and the ability of scanner authors (for instance Nessus
plugins) to add pattern checkers for that bug, but as long as they aren't
spreading FUD they are fine (forcing more disclosure is as pro-censorship as
preventing a fuller disclosure :)

