lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 28 Apr 2011 14:39:48 -0700
From: ichib0d crane <themadichib0d@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Insect Pro - Advisory 2011 0428 - Zero Day -
 Heap Buffer Overflow in xMatters APClient

This isn't a zero day. This is a vulnerability. Being able to crash
the system is nothing compared to the effort needed to actually write
the exploit. What function is the heap overflow in? Did you guys even
bother to find out? How do I know this is even a heap overflow? Heck
you couldnt even overwrite a single register! How effective are
standard mitigations on the target? Are there even any?(if there isnt
and you couldnt overwrite a single reg theres something wrong with
you).

Cool fuzz story bro, tell it again, but a quick fuzz doesn't drop zero
days. A smart exploit WRITER drops zero days.

Come back once you stop being an amateur.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ