Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: lpd exploit?

From: WebFusion System Administrator <graeme.f () WEBFUSION CO UK>
Date: Fri, 8 Dec 2000 17:26:26 -0000
It was a polite request to everyone that they respect a coders

possibility

to publish such an exploit to a public arena where his situation can

be

explained. You make it look as if I coded it so script kiddies could

crack

boxes.


I didn't intend to do that - I simply followed up the so-far
uninteresting thread about LPRng exploits with the real code, which
people had been asking for. This is the first time I, and I reckon the
majority of the readers of VULN-DEV, have seen this code for real -
until now it's been vapourware.

It works. It's real. Now it can be discussed properly, and explained,
and patched. The sooner the better IMHO, and I will be looking at the
code over the weekend to see if I can cobble a patch together on my home
box. Having said that, my skills in that direction are a little poor...
I'm much better at spotting these things being run than actually coding
them in the first place (I'm a networks person, not a coder).


If you cannot respect that, fine...end of debate.


I do respect that, I was just a little taken aback by your email - as
you obviously were with mine.

Now it's out in the open you've got the perfect chance to explain away,
even if it has come rather sooner than you expected - for which I offer
my apologies.

I battle script kiddies every day of my working life, so if I can get a
head start on them, all well and good. Now I have one, thanks to an
untidy intruder, for this exploit...

Regards

Graeme
Previous By Date Next
Previous By Thread Next

Current thread: