Date: Tue, 03 Apr 2007 18:27:59 -0700
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net>
To: Jason Frisvold <xenophage0@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	stefan.kelm@...orvo.de
Subject: Re: More information on ZERT patch for ANI 0day

And there's a patch for that Realtek already to go on the download 
site.  (read the caveat section).  So far all I've seen/heard is that one.

This is patching 7 graphics items not just the one. ...that's 6 more 
things the folks that throw at me from those Metasploit modules ;-)

Jason Frisvold wrote:
> On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> <sbradcpa@...bell.net> wrote:
>> the community need that they are reacting to.  Gadi and the crew work
>> hard and have my respect for their efforts.
>
> Agreed.  Previous patches worked as advertised with no adverse side
> effects here.
>
>> If you are willing to evaluate the eEye patch, Zert's should be higher
>> on your list as well since reportedly it works better than eEye's.
>
> eEye's patch only protects from attacks outside of %systemroot%.  If
> an attacker can place a vulnerable file within %systemroot%, all bets
> are off.
>
> ZERT's patch, on the other hand, protects regardless of where the file
> is located.  It specifically prevents the stack overflow condition by
> blocking chunks larger than 36 bytes from being copied.
>
>> Regardless it's a moot point.  The real patch is out.
>> Install that one.  It's on Windows update now.
>
> ISC is reporting problems with the Microsoft patch.  A problem with
> the Realtek HD Audio Control Panel has been confirmed and patched by
> Microsoft.  Other problems have been reported but no additional
> information on them has been released at this point.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
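
The size check described in the quoted reply (refuse to copy a header chunk larger than 36 bytes), as an added example that is not part of the thread and is not ZERT's patch code. Assumptions: the RIFF chunk layout (4-byte tag, 4-byte little-endian size, padding to an even length), the "ACON" form type and the "anih" tag come from the ANI file format rather than from the thread; the function names are hypothetical, and only top-level chunks are walked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ANIH_MAX 36u /* limit quoted in the thread */

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit read */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk top-level chunks of a RIFF/ACON buffer; copy each "anih" payload into
 * hdr only after checking its declared size. Returns headers copied, or -1. */
int ani_check(const uint8_t *buf, size_t len, uint8_t hdr[ANIH_MAX]) {
    size_t off = 12;
    int copied = 0;
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "ACON", 4))
        return -1;
    while (off + 8 <= len) {
        uint32_t size = rd32(buf + off + 4);
        if (size > len - off - 8) return -1; /* declared size runs past input */
        if (memcmp(buf + off, "anih", 4) == 0) {
            if (size > ANIH_MAX) return -1; /* would overrun the fixed buffer */
            memcpy(hdr, buf + off + 8, size);
            copied++;
        }
        off += 8 + (size_t)size + (size & 1); /* chunks are padded to even */
    }
    return copied;
}

/* Constructed sample: RIFF/ACON with two "anih" chunks, the second n bytes. */
size_t build_sample(uint8_t *out, uint8_t n) {
    size_t off = 12;
    uint8_t sizes[2] = {ANIH_MAX, n};
    memcpy(out, "RIFF\0\0\0\0ACON", 12);
    for (int i = 0; i < 2; i++) {
        memcpy(out + off, "anih", 4);
        memset(out + off + 4, 0, 4 + (size_t)sizes[i]);
        out[off + 4] = sizes[i]; /* low byte of the little-endian size */
        off += 8 + (size_t)sizes[i];
    }
    return off;
}

int main(void) {
    uint8_t f[600], hdr[ANIH_MAX];
    for (int n = 36; n <= 80; n += 44)
        printf("second anih of %d bytes -> %d\n", n, ani_check(f, build_sample(f, (uint8_t)n), hdr));
    return 0;
}
```

The check is applied to every "anih" chunk encountered, so a well-formed first header does not exempt a later oversized one.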
