Bugtraq mailing list archives

Re: [HERT] Advisory #002 Buffer overflow in lsof


From: route () RESENTMENT INFONEXUS COM (route () RESENTMENT INFONEXUS COM)
Date: Thu, 18 Feb 1999 16:46:17 -0800


[Gene Spafford wrote]
|
| People who publish bugs/exploits that are not being actively exploited
| *before* giving the vendor a chance to fix the flaws are clearly
| grandstanding.  They're part of the problem -- not the solution.
|

    Who is to say the vulnerability in question was NOT being exploited
    prior to release?  Odds are it was.  Bugtraq is a full-disclosure list.
    The `problem` as you succinctly put it is in *non-disclosure*.  While
    it is still questionable whether or not the original posters found the bug
    themselves (the advisory lacked any technical detail) calling them part of
    the problem is a misfire of your disdain (attacking them on the content
    of the advisory --or lack thereof-- is a much better call).  The problem,
    in this case, would be the malevolent individual(s) breaking into your
    machine exploiting this bug (before or after it was disclosed).

    Don't shoot the messenger.
--
I live a world of paradox... My willingness to destroy is your chance for
improvement, my hate is your faith -- my failure is your victory, a victory
that won't last.


