| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070501164641.1603.qmail@cgisecurity.net> Date: Tue, 1 May 2007 12:46:41 -0400 (EDT) From: bugtraq@...security.net To: Larry@...ryseltzer.com (Larry Seltzer) Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Month of ActiveX Bug Ok 'most' is probably bad wording on my part how does 'often enough' sound :). "Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code" http://www.securityspace.com/smysecure/catid.html?id=57643 "Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup." http://cve.mitre.org/board/archives/2003-03/msg00013.html "A BrightStor ARCserve Backup contains four vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code." http://packetstorm.linuxsecurity.com/0703-advisories/CAID-McAfee.txt Note the use of 'possibly'. If it was possible then 'possibly' wouldn't be used. I'm not going to debate the validity of the month of activex bugs because frankly I don't care, merely that a DOS can turn out to be more and that at times either the researcher hasn't spent enough time on it, can't get the POC working, or lacks the skill to fully understand the problem. There have been multiple instances on the securityfocus lists throughout the years where a DOS suddenly became promoted to a remotely exploitable bug (i.e another person found it was actually exploitable). I'm not going to find them and post them here, but a little googling can yield results. - Robert http://www.cgisecurity.com/ > >>Consider that most often a bug filed as DOS can actually be > exploitable, but the person who discovered it can't get the POC working > or is even aware it is. While command execution is the ideal goal it > doesn't mean other types of issues are *completely* worthless. =20 > > Most often? How do you know that? > > Larry Seltzer > eWEEK.com Security Center Editor > http://security.eweek.com/ > http://blogs.eweek.com/cheap_hack/ > Contributing Editor, PC Magazine > larryseltzer@...fdavis.com=20 > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists