Full Disclosure mailing list archives
It's all in the details, sapheal
From: <sftsi () hushmail com>
Date: Tue, 02 Jan 2007 19:51:25 +0100
Dear sapheal () hack pl, could you please supply a lot more details in the advisories that you post? They usually just say buffer overflow in DumbServer in crappyfunction(), and in case it's true and they are exploitable, it's very nice of you to discover them and tell everyone about them, but we want to see a lot more detail. What parts of the program call the vulnerable function, under what circumstances, under what configuration and compilation options, is the involved data considered trusted or untrusted, and finally, do you have any proof that the overflows are exploitable or are they just crashes that you believe to be exploitable? This goes for other people as well, not just sapheal. Regards and best wishes for the new year, SFTSI Evil Haxxx0rzzz Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- It's all in the details, sapheal sftsi (Jan 02)