Full Disclosure mailing list archives

Re: HP Tru64 dtmail bug - Really exploitable?

From: "K F (lists)" <kf_lists () digitalmunition com>
Date: Sun, 22 Oct 2006 15:49:22 -0400

Roman Medina-Heigl Hernandez wrote:


More or less according to HP advisory ("HPSBTU02163 SSRT061223") which
marks the impact as POTENTIAL ("Potential Security Impact: Local execution
of arbitrary code")


Don't mind the smoke and mirrors. HP always says that. Even with working 
root exploits in hand HP will release an advisory that say 'potential'.

don't believe me?

http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
http://downloads.securityfocus.com/vulnerabilities/exploits/TRU64_su.pl

funny how that works eh?

-KF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Netragard Security Advisories (Oct 17)
- Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 17)
  - Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 20)
    - Message not available
    - Message not available
    - Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Roman Medina-Heigl Hernandez (Oct 20)
    - Re: [NETRAGARD-20060810 SECURITY ADVISORY] [HP Tru64 dtmail Unchecked Buffer - Local Root Compromise] [ http://www.netragard.com ] Netragard Security Advisories (Oct 20)
    - Message not available
    - HP Tru64 dtmail bug - Really exploitable? Roman Medina-Heigl Hernandez (Oct 22)
    - Re: HP Tru64 dtmail bug - Really exploitable? K F (lists) (Oct 22)