Vulnerability Development mailing list archives

Re: Naphta - Exploit?

From: Steve <steve () SECURESOLUTIONS ORG>
Date: Tue, 12 Dec 2000 14:42:17 -0700

If you had readed yor mail more carefully, you'd realize razor said they
would only release the code to the vendors, which is IMHO, being
a DoS type
attack [script-kiddies delight], a reasonably security through obscurity
measure, because there is no apparently solution yet.

Hope vendors get patches or some kinda solution soon, so we can see the
appparently intresting naptha code.

--------------------------------teespy----------------------------


Actually, to further clarify.  As with most reports of vulnerabilities,
proof of concept code was supplied to each vendor via CERT.

This was not an attempt at security through obscurity but a common practice
in responsible full disclosure.

=====================
Steve Manzuik
Moderator
Win2KSecAdvice

Security Analyst
BindView RAZOR Team
====================

***This email contains my own thoughts and no one elses***

Current thread:

Naphta - Exploit? Latrin! (Dec 12)
- Re: Naphta - Exploit? teespy (Dec 13)
  - Re: Naphta - Exploit? Dom De Vitto (Dec 13)
  - Re: Naphta - Exploit? Steve (Dec 13)