Vulnerability Development mailing list archives

Re: mIRC Buffer Overflow

From: Blue Boar <BlueBoar () thievco com>
Date: Sun, 03 Feb 2002 20:46:48 -0800

Joseph Pingenot wrote:


Maybe.  If Vendor doesn't release Patch, IMHO, publicizing the hole
  and then, maybe a while later, releasing the exploit is the proper
  way to go.  Be vocal about it and the reasons for posting it like that,
  and people will migrate to a different (hey, Free Software guarantees
  at least *someone* can make a patch, even if Vendor is too lazy)
  software, since they now know that Vendor does not care about security.


Which sums things up nicely.  (I don't want to start Yet Another Full
Disclosure Discussion.)

Policy of this list (and most lists that post vulnerability information)
is to allow the poster to determine when information goes out.  My 
only exception is for individual sites (i.e. Microsoft has a SQL
injection hole at this site...) vs. a product.  I may on occasion
encourage a poster to do different, but it is their decision.  

                                                BB

Current thread:

mIRC Buffer Overflow David Dorgan (Feb 03)
- Re: mIRC Buffer Overflow Syzop (Feb 03)
- Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
  - Re: mIRC Buffer Overflow Blue Boar (Feb 03)
    - Re: mIRC Buffer Overflow Blue Boar (Feb 03)
    - Re: mIRC Buffer Overflow Krish Ahya (Feb 03)
    - Re: mIRC Buffer Overflow Joseph Pingenot (Feb 03)
    - Re: mIRC Buffer Overflow Blue Boar (Feb 03)
    - Re: mIRC Buffer Overflow sould3mon (Feb 04)
- <Possible follow-ups>
- Re: mIRC Buffer Overflow eSDee (Feb 05)
  - Re: mIRC Buffer Overflow Hybrid (Feb 05)