Full Disclosure mailing list archives

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: "J. Theriault" <administrator () maginetworks com>
Date: Wed, 11 Feb 2004 06:49:31 +0100

Les Ault wrote:

Apparently there are 7 upcoming advisories, and the oldest one is 93
days old.Link: http://www.eeye.com/html/Research/Upcoming/index.html


You forgot to mention that two "93days overdue" 153-days-since-reported
vulnerabilities are complete remote root for all server OSes...

I even feel sorry for their customers for this lack of service.

Actually, IIRC, I think that dawdling this long might even be illegalunder German law, something I'll have to look up later...




J. Theriault
administrator () maginetworks com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Papp Geza (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Richard M. Smith (Feb 10)
  - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Byron Copeland (Feb 10)
  - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Les Ault (Feb 10)
    - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Byron Copeland (Feb 10)
    - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Benjamin Meade (Feb 10)
    - Microsoft credit policy (was: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption) Spiro Trikaliotis (Feb 11)
    - Re: Microsoft credit policy (was: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption) CHS (Feb 11)
    - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption J. Theriault (Feb 10)
    - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Scott Taylor (Feb 11)
    - Re: EEYE: Microsoft ASN.1 Library LengthOverflow Heap Corruption Tim Kowalsky (Feb 11)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Damian Gerow (Feb 10)
- <Possible follow-ups>
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption http-equiv () excite com (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Philippe (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Philippe (Feb 11)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Joao Gouveia (Feb 11)
    - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption cdowns (Feb 11)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption jeremy (Feb 11)
    - (kind of off topic) this book has been writen. is Mitnick a monkey or what? adam (Feb 11)

(Thread continues...)