Vague free 0days!

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's interesting when you take a class of people, give them an
advisory, and they actually find a different bug than the one you
exploited for CANVAS.  I think when I originally exploited GoldenFTPD,
I had just run SPIKE on it, which put it in some weird state that
allowed another, completely different, overflow to happen. This is one
of the problems with vague advisories from all the vendors. You never
know if the bug you exploited is really fixed. Maybe you're giving out
free 0day!

Gotta run to class now, but I wanted to point out that, for those of
you willing to brave the harsh environment of Miami's South Beach,
we're doing two more classes soon.

*May 22-26 2006: Unethical Hacking <--this is not your grandmother's
pen-test certification class.
**July 24-28 2006: Heap Overflows     <--taught by Nicolas Waisman,
heap overflow god. I'll be taking it.

http://www.immunityinc.com/education-currentschedule.shtml

- -dave

*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFEMzcJB8JNm+PA+iURAhWPAJ42S1eYICS/vIaudEBcWwKYP4rM+ACdHkQX
kMdCAUo7zBNnZL0zH2Reuyo=
=xd+S
-----END PGP SIGNATURE-----