Vulnerability Development mailing list archives
Re: Potential hole in Ettercap 0.6.2
From: Jonathan Bloomquist <bocasolutions () yahoo com>
Date: Tue, 4 Dec 2001 14:22:45 -0800 (PST)
--- Michal Zalewski <lcamtuf () coredump cx> wrote:
On Tue, 4 Dec 2001, Blue Boar wrote:
Goobles sent another post to vuln-dev today, which was rejected due to personal attacks in their note.
--snip--
I hate to say so, but maybe it is time to ignore him? Instead of forwarding posts or excerpts or notification about yet another vulnerability in a discontinued line of scientific calculators, command-line buffer overflow / format string bug in a program that is not supposed to be setuid, claims that a failure to log authentication failure is a "remote root exploit", or an advisory on data leak as relevant to the security of your system as disclosing your system time or username by Sendmail in mail headers? I am not saying we should ignore valuable research if it does not conform to some "style guidelines", or that we should reject such very minor (and often unverified) bug reports if described in an acceptable manner, but if it does not have any value and lacks style, it is just sad.
I think the guidelines are pretty well outlined in the FAQ:

/*
Please follow the below guidelines on what kind of information should be posted to the VULN-DEV list:

"I think I've found a new hole.."
"Here's a script to exploit the hole.."
"I can verify that it dumps core on my machine, too"
"Here's what I see in the debugger.."
"This is how I figured it out"

Basically, we want to facilitate people being able to verify and take advantage of holes. The word "hole" is used deliberately, and it refers to a bug that has a potential security impact. You may very well find a buffer overflow in a program, but if it's never used in a security context (SETUID, part of a CGI script, etc..) then it's probably not appropriate for the list. If you're not sure if it applies or not, go ahead and post it. If it's not security related, then either the moderator will stop it or the list members will point it out.
*/

Personal attacks are pretty clearly off-topic and if the continuing spirit of GOBBLES revelations seems to be tongue-in-cheek, well I say flush the troll.
Current thread:
- Potential hole in Ettercap 0.6.2 Blue Boar (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Michal Zalewski (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Blue Boar (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Jonathan Bloomquist (Dec 04)
- Proof of concept for the format bug in Ettercap 0.6.2 BAILLEUX Christophe (Dec 05)
- <Possible follow-ups>
- Re:Potential hole in Ettercap 0.6.2 w1re p4ir (Dec 04)
- Re:Potential hole in Ettercap 0.6.2 ALoR (Dec 04)
- Re:Potential hole in Ettercap 0.6.2 Jose Nazario (Dec 04)
- Message not available
- Re:Potential hole in Ettercap 0.6.2 ALoR (Dec 04)
- Re:Potential hole in Ettercap 0.6.2 ALoR (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Michal Zalewski (Dec 04)
- Re: Potential hole in Ettercap 0.6.2 Melsa (Dec 04)