lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <463DFBFE.6070409@comcast.net>
Date: Sun, 06 May 2007 10:02:06 -0600
From: Goetz Von Berlichingen <goetzvonberlichingen@...cast.net>
To: steven@...urityzone.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...security.net
Subject: Re: Month of ActiveX Bug

Steven Adair wrote:
> However, regardless of whether it results in remote code execution, I
> don't think a DoS should necessarily be discounted as frivolous or
> irrelevant.  It might not rank up there with critical or high
> vulnerabilities, but it is a vulnerability nonetheless.

   The severity of a DOS is entirely context dependent.  That's why 
software users need to informed about the DOS so they can decide how 
critical it is in their context.  A home user who rarely uses an ActiveX 
.ocx may consider a DOS of that feature negligible.  If that ocx 
(probably not a PowerPoint viewer) is used in controlling a catalytic 
cracker, then a DOS is a lot more serious.

Goetz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ