Vulnerability Development mailing list archives

Re: Some work needed


From: Luis Pinto <lmpinto () STUDENT DEI UC PT>
Date: Mon, 7 Aug 2000 22:40:37 +0000

On Sun, 6 Aug 2000, Michal Zalewski wrote:


> It's just another BQ cross-post, but I guess this is the right forum. I
> attached sperl up to 5.06 (I mean, all current versions) exploit.

        Great. sperl5.00503 ships with RedHat 6.2, don't know about other
distros. That means we have one working exploit for the latest distro,
being used in hundreds of multi-user machines, some of them dependent on
sperl.

        Some of them mine.

        And yet, you release this exploit? Have you notified anyone? I
don't know if Larry Wall still takes care of it, at least with bug reports,
but I doubt he has been notified.

> Unfortunately, it's poorly written - slow shell-script doing some
> brute-forcing, probably working only on fast Linux / BSD boxes.

        It works - it is bad enough.

        I will save the rants about the difference between responsibility
and full disclosure for some other time...
--
                                         Regards,
                                        Luis Pinto
--------------------------------------------------------------------------
   (o_               http://student.dei.uc.pt/~lmpinto
   //\              ICQ #15663369 - Finger for PGP key
   V_/_    Linux fundamentalist - and an average chauvinistic male.
--------------------------------------------------------------------------
Bizoos, n.:
        The millions of tiny individual bumps that make up a basketball.
                -- Rich Hall, "Sniglets"

