lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <924f29280704031820j3f40dc78m688b58f3b6bc81c7@mail.gmail.com>
Date: Tue, 3 Apr 2007 21:20:33 -0400
From: "Jason Frisvold" <xenophage0@...il.com>
To: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	stefan.kelm@...orvo.de
Subject: Re: More information on ZERT patch for ANI 0day

On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
<sbradcpa@...bell.net> wrote:
> the community need that they are reacting to.  Gadi and the crew work
> hard and have my respect for their efforts.

Agreed.  Previous patches worked as advertised with no adverse side
effects here.

> If you are willing to evaluate the eEye patch, Zert's should be higher
> on your list as well since reportedly it works better than eEye's.

eEye's patch only protects from attacks outside of %systemroot%.  If
an attacker can place a vulnerable file within %systemroot%, all bets
are off.

ZERT's patch, on the other hand, protects regardless of where the file
is located.  It specifically prevents the stack overflow condition by
blocking chunks larger than 36 bytes from being copied.

> Regardless it's a moot point.  The real patch is out.
> Install that one.  It's on Windows update now.

ISC is reporting problems with the Microsoft patch.  A problem with
the Realtek HD Audio Control Panel has been confirmed and patched by
Microsoft.  Other problems have been reported but no additional
information on them has been released at this point.,

-- 
Jason 'XenoPhage' Frisvold
XenoPhage0@...il.com
http://blog.godshell.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ