Dailydave mailing list archives
Advisory Day!
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 03 Mar 2004 14:12:29 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, it's time for another "advisory". As I don't believe advisories really accomplish anything, I'll move right along to the blatant product placement and grandstanding! :> Remember this bug? http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0095 http://www.securityfocus.com/bid/9476/ Anyways, I didn't find that bug. A few months before that bug came out I was attached to ePolicy Orchestrator with Ollydbg, and tracing a request through it looking for ways to make it interoperate with other software. I found a simple stack overflow, similar to the one posted above, and fixed in the same patch. I'm pleased to say that this lets ePO interoperate with Immunity CANVAS (http://www.immunitysec.com/CANVAS/)! Anyways, if you run ePolicy Orchestrator, no doubt you will use your content distribution system to load the patch on it, now that you know it fixes more than a DoS. Alternatively, CANVAS can be used as a patch distribution system. :> RealSecure, NAI, etc - do bugs in security software products make everyone else laugh? Dave Aitel Immunity, Inc. P.S. (And if I had a shiny nickle for every time a software vendor told me they "already knew about the problem" or "have already patched that issue" while furiously writing a patch and doing QA, I'd be able to buy myself a lobster farm already.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFARi4czOrqAtg8JS8RAjLNAJ4/7z/YyOktHgqdd9QcgAr5RzhLqgCfdXeG V6BHfS/evUXJF+9xALDi1CA= =/cxb -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Advisory Day! Dave Aitel (Mar 03)
- Re: Advisory Day! Rodney Thayer (Mar 03)
- Re: Advisory Day! Tiago Assumpção (Mar 04)
- Re: Advisory Day! Rodney Thayer (Mar 04)
- Re: Advisory Day! Tiago Assumpção (Mar 04)
- <Possible follow-ups>
- Re: Advisory Day! arlen (Mar 04)
- Re: Advisory Day! Rodney Thayer (Mar 04)
- Re: Advisory Day! Nahual (Mar 04)
- Re: Advisory Day! david maynor (Mar 04)
- Dave Barry on computer security Tri Huynh (Mar 06)
- Re: Advisory Day! Rodney Thayer (Mar 03)