Full Disclosure mailing list archives
Re: [SE-2012-01] information regarding recently discovered Java 7 attack
From: Jacqui Caren <jacqui.caren () ntlworld com>
Date: Thu, 30 Aug 2012 08:54:45 +0100
On 29/08/2012 19:53, Jeffrey Walton wrote:
I once used DE Cert to report some issues with GnuPG on Windows. Interestingly, I was asked to provide funding for the fix even though I submitted sample code demonstrating the fix. (Crowd sourcing is a myth - don't drink the Kool-aide).
When I worked for Cray, we found a mbuf allocation issue with solaris. Ten or so ftp sssions in VERY rapid sucessions could kill a top of the range sun server - kernel panic/shitty death everytime! :-) We provided test case, and dev system dump analysis - and even worked out the assembler tweak to the .a/.so required to eleminate the problem. Sun's response? - Give us the 20K to fix it. In the end we manually hacked the .a/.so and shipped the workaround to our custsomers - IIRC sun fixed it some three or four years later but it was fun to be able to kill any sun kit so easily using nothing more a sequence of 20 or so SYN's. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 28)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jacqui Caren (Aug 30)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Tim (Aug 29)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 31)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
- [SE-2012-01] New security issue affecting Java SE 7 Update 7 Security Explorations (Aug 31)