lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <a0bba0809032020i1c2bba3dne66095afa9b6de07@mail.gmail.com>
Date: Thu, 4 Sep 2008 03:20:44 +0000
From: Shyaam <shyaam@...il.com>
To: redb0ne@...h.com
Cc: full-disclosure@...ts.grok.org.uk, contact.fingers@...il.com
Subject: Re: Google Chrome Browser Vulnerability

>
> Out of bound array accesses can be vulnerabilities because they can
>> in some cases result in code execution, but not in this case. In
>> this case, it is just an integer underflow that causes a
>> conditional to evaluate to true that shouldn't have and a byte or
>> two of memory being read out of bounds. There is no write, the
>> memory can't be leaked by an attacker, it is simply a crash.
>>
>> You can't even begin to compare a kernel denial of service to a
>> browser crash, killing a browser is a world away from taking down
>> an entire system. Let's face it, the last thing we need is someone
>> whoring out attention for every browser crash they come across.
>> Report it and be done with it, no one cares.
>
>
Cool!!! Thanks...

Shyaam

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ