Bugtraq mailing list archives
Re: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Thu, 06 Feb 2003 18:42:51 +0100
"John Howie" <JHowie () securitytoolkit com> writes:
> I think your decision to ask Microsoft first is a sign of your
> prejudice, why not ask the Open Source communities to lead the way?

Speaking of the "Open Source" community, I'd really like to see them following Microsoft's lead in the advisory writing business. Their notifications are converging towards something useful, and it's only a question of time when they will start to describe how to block attacks on the network layer if possible, and how to employ their own products to protect infrastructure even if you can't immediately apply a patch.

For software distributed in source code, you can reverse-engineer this information by examining the source code changes, but that's beyond the skills of the average sysadmin. And for a typical free software zoo, it's coming close to a full-time job as well.

If those who really understand and fix the bugs could provide such information (e.g. rough requirements for attack such as access to certain TCP ports, the security context injected code runs in, indirectly affected products, proof-of-concept exploits to independently check vendor fixes), those "Open Source" enthusiasts might actually claim that their bug squashing process is superior.

Currently, the way security defects are resolved sucks badly: The information is accessible, somehow, somewhere, but no one takes the trouble to make it accessible to the average sysadmin. Or is everyone busy catering to their paying customers, and sharing information would just reduce the perceived value the customers receive?

--
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898