funsec mailing list archives

Re: vulnerability overstatement

From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 21 Jan 2010 07:41:17 -0500

VUPEN says 2/4:
http://www.vupen.com/english/advisories/2010/0179


Right, but if they had uncovered it, it would be a 4/4

The TO vulnerability is a cool and interesting one, but it's a local
privilege exploit that requires authentication. Every operating system
has had plenty of these over the last few years. 2/4 or 2/5 sounds about
right to me.

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com 
http://blogs.pcmag.com/securitywatch/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: vulnerability overstatement, (continued)
- Re: vulnerability overstatement Charles Miller (Jan 20)
  - Re: vulnerability overstatement Larry Seltzer (Jan 20)
    - Re: vulnerability overstatement Larry Seltzer (Jan 20)
- Re: vulnerability overstatement Valdis . Kletnieks (Jan 20)
  - Re: vulnerability overstatement Larry Seltzer (Jan 20)
    - Re: vulnerability overstatement Paul Ferguson (Jan 20)
    - Re: vulnerability overstatement Larry Seltzer (Jan 20)
    - Re: vulnerability overstatement Paul Ferguson (Jan 20)
- Re: vulnerability overstatement Thomas Raef (Jan 20)
- Re: vulnerability overstatement Juha-Matti Laurio (Jan 21)
  - Re: vulnerability overstatement Larry Seltzer (Jan 21)
- Re: vulnerability overstatement Juha-Matti Laurio (Jan 21)