Full Disclosure mailing list archives
Re: Month of ActiveX Bug
From: bugtraq () cgisecurity net
Date: Tue, 1 May 2007 12:46:41 -0400 (EDT)
Ok 'most' is probably bad wording on my part how does 'often enough' sound :). "Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code" http://www.securityspace.com/smysecure/catid.html?id=57643 "Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup." http://cve.mitre.org/board/archives/2003-03/msg00013.html "A BrightStor ARCserve Backup contains four vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code." http://packetstorm.linuxsecurity.com/0703-advisories/CAID-McAfee.txt Note the use of 'possibly'. If it was possible then 'possibly' wouldn't be used. I'm not going to debate the validity of the month of activex bugs because frankly I don't care, merely that a DOS can turn out to be more and that at times either the researcher hasn't spent enough time on it, can't get the POC working, or lacks the skill to fully understand the problem. There have been multiple instances on the securityfocus lists throughout the years where a DOS suddenly became promoted to a remotely exploitable bug (i.e another person found it was actually exploitable). I'm not going to find them and post them here, but a little googling can yield results. - Robert http://www.cgisecurity.com/
Consider that most often a bug filed as DOS can actually beexploitable, but the person who discovered it can't get the POC working or is even aware it is. While command execution is the ideal goal it doesn't mean other types of issues are *completely* worthless. =20 Most often? How do you know that? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine larryseltzer () ziffdavis com=20
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Month of ActiveX Bug xxx xxx (May 01)
- Re: Month of ActiveX Bug Larry Seltzer (May 01)
- Re: Month of ActiveX Bug bugtraq (May 01)
- Re: Month of ActiveX Bug Larry Seltzer (May 01)
- Re: Month of ActiveX Bug Valdis . Kletnieks (May 01)
- Re: Month of ActiveX Bug Larry Seltzer (May 01)
- Re: Month of ActiveX Bug bugtraq (May 01)
- Re: Month of ActiveX Bug Steven Adair (May 01)
- Re: Month of ActiveX Bug James Matthews (May 01)
- Re: Month of ActiveX Bug Goetz Von Berlichingen (May 06)
- Re: Month of ActiveX Bug bugtraq (May 01)
- Re: Month of ActiveX Bug Larry Seltzer (May 01)
- Re: Month of ActiveX Bug Dude VanWinkle (May 03)
- Re: Month of ActiveX Bug Larry Seltzer (May 03)
- Re: Month of ActiveX Bug Dude VanWinkle (May 03)
- Re: Month of ActiveX Bug Larry Seltzer (May 03)
- Re: Month of ActiveX Bug Dude VanWinkle (May 03)