oss-sec mailing list archives
Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser
From: Joshua Rogers <oss () internot info>
Date: Fri, 24 Jul 2015 23:03:20 +1000
On 24/07/15 22:15, Martino Dell'Ambrogio wrote:
Moreover, as soon as systems can be patched, they should be. Of course a few hours delay is not realistic, but I want to be sure that everyone understands how much "releasing a working exploit *does not help anybody*" is false. I urge researchers to continue to release their exploits into the public domain. Do it "responsibly", maybe get help in order to do it correctly, but do it, because it's beneficial more than harmful to any potential target.
I concur. The releasing of PoC's are very important, for many reasons. It allows, as stated, the ability to pentest a system efficiently. I think in this case, it is inappropriate for a PoC to be released on the same day as the updates being pushed. As everybody knows, there are a lot of hacked boxes on the internet. Now someguy that has a botnet of local-users will be able to mass root all the boxes while the owners sleep, because they have been given no warning at all about this.. Even if 48 hours was waited before the PoC was released, it would be much better. That's just my 2cents anyways. Thanks, -- -- Joshua Rogers <https://internot.info/>
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Qualys Security Advisory (Jul 23)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 23)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Philip Pettersson (Jul 23)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Jamie Strandboge (Jul 23)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Kurt Seifried (Jul 23)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 24)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Martino Dell'Ambrogio (Jul 24)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Joshua Rogers (Jul 24)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 24)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Brad Knowles (Jul 24)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 25)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Michal Zalewski (Jul 25)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Dave Horsfall (Jul 25)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Brad Knowles (Jul 25)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Hanno Böck (Jul 26)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Philip Pettersson (Jul 23)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Leif Nixon (Jul 23)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser Brandon Perry (Jul 24)
- Re: Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser mancha (Jul 27)