Full Disclosure mailing list archives
RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
From: "Geo." <geoincidents () getinfo org>
Date: Wed, 11 Feb 2004 11:54:25 -0500
Resolution of vulnerabilities is not the same thing as technical detail
_disclosure_ of details about the vulnerability.<< Ok they are not the same but it is the _details_ that are important, we aren't taking about point and click PoC code, we are talking about details of the flaw. This is a library function, so how do you know what else it might affect or if other libraries on other OS may have the same (remember POD?) sort of issues?
But full detail bulletins should lag the initial release of the patch by
some number of weeks/months.<< But then nobody else who has a similar product or uses the same library but maybe not the specific function can tell if their product also requires an update, so you want to set them back by a number of weeks/months? You are assuming that a vulnerability affects only one vendor but by doing so you may be slowing down the release of patches for other products can also be affected.
As far as Eeye having a stockpile of Microsoft vulnerabilities and I
would assume lab code that can exersize them, doesn't bother me as much<< If you were in competition with Microsoft on some Windows product, would Microsoft constantly having multiple backdoors to any of your systems worry you? Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Marc Maiffret (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Paul Tinsley (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Geo. (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Paul Tinsley (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Geo. (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Bill Royds (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Geo. (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption Paul Tinsley (Feb 11)
- <Possible follow-ups>
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption macmanus (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption bart2k (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Bit String Heap Corruption nick danger (Feb 11)