| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Apr 2007 22:39:54 -0400 From: "Jason Frisvold" <xenophage0@...il.com> To: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, stefan.kelm@...orvo.de Subject: Re: More information on ZERT patch for ANI 0day On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@...bell.net> wrote: > And there's a patch for that Realtek already to go on the download > site. (read the caveat section). So far all I've seen/heard is that one. Yes, I forgot to mention the patch. > This is patching 7 graphics items not just the one. ...that's 6 more > things the folks that throw at me from those Metasploit modules ;-) And of the seven vulnerabilities, the .ANI vulnerability is the only one I'm aware of that's being actively exploited. Four of the vulnerabilities are local privilege escalations that, while dangerous, aren't quite as dangerous as the ANI problem. While I agree that using the MS patch now that it's out is definitely recommended, I would argue that if the patch is causing problems that can't be worked around, using the ZERT patch in the meantime is definitely an option. And prior to the MS patch being released, the ZERT patch was a great resource to have out there. -- Jason 'XenoPhage' Frisvold XenoPhage0@...il.com http://blog.godshell.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists