Full Disclosure mailing list archives
Re: SRT2003-06-12-0853 - ike-scan local root format string issue
From: KF <dotslash () snosoft com>
Date: Sat, 14 Jun 2003 01:02:55 -0400
In most instances I provice in depth gdb details and more than enough information on the bug itself to allow those that need to write an exploit to do so. Full disclosure does not necessarily mean giving out fully working and possibly destructive exploit code.
The government disclosed to us an Anthrax problem however they did not simply give you some anthrax to test if your local post office scanned for chemical materials.
-KF easctun wrote:
Just out of curiosity, is the below considered Full Disclosure? When a user has to write the auther for PoC code or further information? Thought I'd ask the list as it seems more knowledgeable than I.---This advisory was released by Secure Network Operations,Inc. as a matter of notification to help administrators protect their networks against the described vulnerability. Exploit source code is no longer released in our advisories. Contact research () secnetops com for information on how to obtain exploit information._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SRT2003-06-12-0853 - ike-scan local root format string issue KF (Jun 12)
- Re: SRT2003-06-12-0853 - ike-scan local root format string issue easctun (Jun 13)
- Re: SRT2003-06-12-0853 - ike-scan local root format string issue KF (Jun 13)
- Re: SRT2003-06-12-0853 - ike-scan local root format string issue KF (Jun 13)
- Re: SRT2003-06-12-0853 - ike-scan local root format string issue Dave Howe (Jun 16)
- Re: SRT2003-06-12-0853 - ike-scan local root format string issue easctun (Jun 13)