lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030917153828.9FE866937@mdev.river.com>
From: rdump at river.com (Richard Johnson)
Subject: Re: openssh remote exploit

In article <3F6791B2.4080003@...evco.com>,
 Blue Boar <BlueBoar@...evco.com> wrote:

> Darren Reed wrote:
> > No.  Does a vulnerability need an exploit before it becomes a hole ?
> 
> A programming error needs to be exploitable before it can be conclusively 
> called a vulnerability or a hole.  One doesn't need to create an exploit 
> for it to be exploitable, but it rather nicely answers the question, 
> doesn't it?  It also often helps clarify what class of vulnerability it is.
> 
> None of which is news to you, you've been around a long time.  Are you 
> baiting trolls or what?


No, it's grinding of axes.  I think the blade on the one he's using is 
about gone, though.  Well, one can hope...


Richard

-- 
My mailbox. My property. My personal space. My rules. Deal with it.
                        http://www.river.com/users/share/cluetrain/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ