Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: openssh remote exploit

From: Richard Johnson <rdump () river com>
Date: Wed, 17 Sep 2003 09:38:26 -0600
In article <3F6791B2.4080003 () thievco com>,
 Blue Boar <BlueBoar () thievco com> wrote:


Darren Reed wrote:

No.  Does a vulnerability need an exploit before it becomes a hole ?


A programming error needs to be exploitable before it can be conclusively 
called a vulnerability or a hole.  One doesn't need to create an exploit 
for it to be exploitable, but it rather nicely answers the question, 
doesn't it?  It also often helps clarify what class of vulnerability it is.

None of which is news to you, you've been around a long time.  Are you 
baiting trolls or what?



No, it's grinding of axes.  I think the blade on the one he's using is 
about gone, though.  Well, one can hope...


Richard

-- 
My mailbox. My property. My personal space. My rules. Deal with it.
                        http://www.river.com/users/share/cluetrain/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: