Vulnerability Development mailing list archives
Re: lpd exploit?
From: Ron DuFresne <dufresne () WINTERNET COM>
Date: Fri, 8 Dec 2000 23:20:27 -0600
If as it was claimed that this exploit was found on a comromised system, it has already made it out to the 'public' so to speak. Thanks, Ron DuFresne On Fri, 8 Dec 2000, Theodor Ragnar Gislason wrote:
It was a polite request to everyone that they respect a coders possibility to publish such an exploit to a public arena where his situation can be explained. You make it look as if I coded it so script kiddies could crack boxes. I was not trying to ban it since the header clearly indicates that it can be distributed. If you cannot respect that, fine...end of debate. - DiGiT On Fri, 8 Dec 2000, Graeme Fowler wrote:DiGiT wrote:I would apreciate that neither you or anyone else publish my exploits to such a medium as this mailinglist or any sort of public arena.Why not? You quite clearly indicate in the copyright notice at the top of the code that:* Copyright (c) 2000 - Security.is * * The following material may be freely redistributed, provided * that the code or the disclaimer have not been partly removed, * altered or modified in any way. The material is the property * of security.is. You are allowed to adopt the represented code * in your programs, given that you give credits where it's due.That says 'freely distributed', right? That means (in my understanding) that I can freely distribute it providing I haven't changed or modified the code or disclaimer? Which I haven't done. That code was published exactly as-is, without modification. It also had to pass through the moderator of VULN-DEV prior to publishing; presumably if they thought there were a conflict in some way that the posting would not have been published to the list. I suspect that this thread could spin out of control if we're not careful, since we're going to enter the realms of the full-disclosure-versus-privacy argument. I found your kit on a server I was asked to investigate some problems with - along with code for about 60 other exploits - and following the non-appearance of any exploit code for LPRng on this list, published it - *after* consulting your copyright notice. If you object, change the notice. Have a good weekend Graeme
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Current thread:
- Re: lpd exploit?, (continued)
- Re: lpd exploit? Ron DuFresne (Dec 04)
- Re: lpd exploit? Ryan Yagatich (Dec 04)
- Re: lpd exploit? John (Dec 07)
- Re: lpd exploit? John (Dec 07)
- Re: lpd exploit? Ron DuFresne (Dec 08)
- Re: lpd exploit? Graeme Fowler (Dec 09)
- Re: lpd exploit? Theodor Ragnar Gislason (Dec 09)
- Re: lpd exploit? Graeme Fowler (Dec 09)
- Re: lpd exploit? Theodor Ragnar Gislason (Dec 09)
- Re: lpd exploit? WebFusion System Administrator (Dec 09)
- Re: lpd exploit? Ron DuFresne (Dec 10)
- Re: lpd exploit? Ron DuFresne (Dec 08)
- Re: lpd exploit? Ron DuFresne (Dec 10)
- Re: lpd exploit? Bluefish (P.Magnusson) (Dec 11)
- Re: lpd exploit? Graeme Fowler (Dec 09)