lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e9d9d4020804172117k53fb4e8fyf186ef6a0eb81059@mail.gmail.com>
Date: Thu, 17 Apr 2008 23:17:14 -0500
From: reepex <reepex@...il.com>
To: "Luigi Auriemma" <aluigi@...istici.org>, full-disclosure@...ts.grok.org.uk
Subject: Re: Secunia Research: Lotus Notes Folio Flat File
	Parsing Buffer Overflows

I find it funny you are the one to complain about too many advisories when
you spam the list with sprintf and strcpy bugs you grepped for in random
applications everyday

On Tue, Apr 15, 2008 at 9:20 AM, Luigi Auriemma <aluigi@...istici.org>
wrote:

> > Autonomy Keyview Folio Flat File Parsing Buffer Overflows
> > Autonomy Keyview Applix Graphics Parsing Vulnerabilities
> > Autonomy Keyview EML Reader Buffer Overflows
> > activePDF DocConverter Folio Flat File Parsing Buffer Overflows
> > activePDF DocConverter Applix Graphics Parsing Vulnerabilities
> > Lotus Notes Applix Graphics Parsing Vulnerabilities
> > Lotus Notes Folio Flat File Parsing Buffer Overflows
> > Lotus Notes EML Reader Buffer Overflows
> > Lotus Notes kvdocve.dll Path Processing Buffer Overflow
> > Lotus Notes htmsr.dll Buffer Overflows
> > Symantec Mail Security Folio Flat File Parsing Buffer Overflows
> > Symantec Mail Security Applix Graphics Parsing Vulnerabilities
>
> 12 mails for the same library?
>
> >From what I have understood all the bugs are just in this Autonomy
> Keyview library so in my opinion reporting the same identical bugs in
> each software which uses this thirdy part component and additionally
> without saying that the problem in reality is in the library is wrong
> and leads to a lot of confusion.
>
> It's just like if someone finds a bug in zlib and releases 10000
> advisories, one for each program in the world which uses the library...
> the bug is not in these 10000 programs but only in zlib.
>
>
> ---
> Luigi Auriemma
> http://aluigi.org
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ