Dailydave mailing list archives

Anonymized posting.

From: Dave Aitel <dave () immunitysec com>
Date: Sun, 23 May 2004 06:44:56 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://packetstormsecurity.org/0405-exploits/cvs_solaris_HEAP.c
http://packetstormsecurity.org/0405-exploits/cvs_linux_freebsd_HEAP.c

cvshome.org is still offline, and automated exploits are publically
available.  Patches do very little good when the vendor cannot keep
the distribution point online.

These obviously were not written post-publication of CAN-2004-0396.
They were infact written prior to the publication of CAN-2003-0015.
Makes you wonder what good the publication of either bug has done.

If security is a race condition, the good guys have just taken a beating.

Whoever they are.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAsICozOrqAtg8JS8RAhDwAJ9NAkXSMPDv1sZm+SpOFwDRYWAiegCfSj3Y
Creo49+8HP4e5zbAYztx+EM=
=sVy4
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Anonymized posting. Dave Aitel (May 14)
- <Possible follow-ups>
- Anonymized posting. Dave Aitel (May 23)
  - Re: Anonymized posting. Florian Weimer (May 23)
  - Re: Anonymized posting. Dave Aitel (May 23)