| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Jan 2007 19:51:25 +0100 From: <sftsi@...hmail.com> To: <full-disclosure@...ts.grok.org.uk> Cc: Subject: It's all in the details, sapheal Dear sapheal@...k.pl, could you please supply a lot more details in the advisories that you post? They usually just say buffer overflow in DumbServer in crappyfunction(), and in case it's true and they are exploitable, it's very nice of you to discover them and tell everyone about them, but we want to see a lot more detail. What parts of the program call the vulnerable function, under what circumstances, under what configuration and compilation options, is the involved data considered trusted or untrusted, and finally, do you have any proof that the overflows are exploitable or are they just crashes that you believe to be exploitable? This goes for other people as well, not just sapheal. Regards and best wishes for the new year, SFTSI Evil Haxxx0rzzz Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists