oss-sec mailing list archives

Re: Re: strings / libbfd crasher

From: mancha <mancha1 () zoho com>
Date: Wed, 5 Nov 2014 21:31:11 +0000

On Tue, Nov 04, 2014 at 04:39:09AM -0500, cve-assign () mitre org wrote:

Four of the main factors that affect libbfd CVE assignments are:

  1. existence of a "multi-session" use case
  2. discussion of exploitability of a specific attack vector
  3. likelihood of exploitability of classes of observed behavior
  4. actual or expected volume of distinct discoveries

We'll try to give an example of each of these.


[SNIP]

Very interesting read. Thank you for taking the time to write it up.

--mancha

Attachment: _bin
Description:

Current thread:

Re: Re: strings / libbfd crasher, (continued)
- - - Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)
    - Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)
    - Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)
    - Re: Re: strings / libbfd crasher Michal Zalewski (Nov 15)
    - Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)
    - Re: Re: strings / libbfd crasher mancha (Nov 03)
    - Re: Re: strings / libbfd crasher Michal Zalewski (Nov 03)
    - Re: Re: strings / libbfd crasher mancha (Nov 03)
    - Re: strings / libbfd crasher cve-assign (Nov 04)
    - Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
    - Re: Re: strings / libbfd crasher mancha (Nov 05)
    - Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
    - Re: strings / libbfd crasher cve-assign (Nov 12)
  - Re: Re: strings / libbfd crasher Alexander Cherepanov (Oct 26)
    - Re: Re: strings / libbfd crasher Michal Zalewski (Oct 26)
    - Re: Re: strings / libbfd crasher Michal Zalewski (Oct 27)
    - Re: Re: strings / libbfd crasher Jakub Wilk (Oct 27)
    - Re: Re: strings / libbfd crasher Alexander Cherepanov (Oct 28)