lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTi=Mz1X5a6mq=1U=Rkb2y=KnAFkp9g@mail.gmail.com> Date: Thu, 28 Apr 2011 14:39:48 -0700 From: ichib0d crane <themadichib0d@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient This isn't a zero day. This is a vulnerability. Being able to crash the system is nothing compared to the effort needed to actually write the exploit. What function is the heap overflow in? Did you guys even bother to find out? How do I know this is even a heap overflow? Heck you couldnt even overwrite a single register! How effective are standard mitigations on the target? Are there even any?(if there isnt and you couldnt overwrite a single reg theres something wrong with you). Cool fuzz story bro, tell it again, but a quick fuzz doesn't drop zero days. A smart exploit WRITER drops zero days. Come back once you stop being an amateur. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists