| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <503F1C45.2030508@ntlworld.com> Date: Thu, 30 Aug 2012 08:54:45 +0100 From: Jacqui Caren <jacqui.caren@...world.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: [SE-2012-01] information regarding recently discovered Java 7 attack On 29/08/2012 19:53, Jeffrey Walton wrote: > I once used DE Cert to report some issues with GnuPG on Windows. > Interestingly, I was asked to provide funding for the fix even though > I submitted sample code demonstrating the fix. (Crowd sourcing is a > myth - don't drink the Kool-aide). When I worked for Cray, we found a mbuf allocation issue with solaris. Ten or so ftp sssions in VERY rapid sucessions could kill a top of the range sun server - kernel panic/shitty death everytime! :-) We provided test case, and dev system dump analysis - and even worked out the assembler tweak to the .a/.so required to eleminate the problem. Sun's response? - Give us the 20K to fix it. In the end we manually hacked the .a/.so and shipped the workaround to our custsomers - IIRC sun fixed it some three or four years later but it was fun to be able to kill any sun kit so easily using nothing more a sequence of 20 or so SYN's. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists