Bugtraq mailing list archives
Re: SANS Flash: Most dangerous flaw found in Windows workstations, Fix available.
From: cert () CERT ORG (CERT Coordination Center)
Date: Tue, 18 Jul 2000 18:01:19 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --On Tuesday, July 18, 2000 1:31 PM -0700 aleph1 () SECURITYFOCUS COM wrote:
It's also silly for SANS to call this the "most dangerous flaw found in Windows workstations". Is this a dangerous flaw? Yes, very much so. But there have been flaws in the past that have been worse. For example, the MIME buffer overflow in email clients such as Netscape and Outlook. Remember, for this problem to work you need to have Access installed.
The CERT Coordination Center encourages people not to engage in hyperbole or exaggeration when disseminating vulnerability information. It only serves to muddy the water and make the difficult job of prioritization of security management tasks that much harder.
I would also caution anyone against using a vulnerability to patch a vulnerability. Most vulnerabilities are bugs and do not have well-defined behavior. As such, trying to use it as a mechanism to apply fixes is a risky proposition. While certainly an intriguing, if well-known, idea, it may not perform reliably and you will be left with a false sense of security if it fails to fix the problem.
We concur. In addition to the problems you mention, some sites may choose to live with the risk of being vulnerable in exchange for some desired functionality. A virus that "fixes" a problem for one site may escape and have serious negative consequences for another site. We strongly discourage this type of behavior, no matter how altruistically motivated.

Shawn

Shawn Hernan
svh () cert org
Vulnerability Handling Team Leader
CERT Coordination Center

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOXTTilr9kb5qlZHQEQLXHgCg1g0kI3Ep6oAW5aP8rcL4qI3j6EoAoOnz
/gMANxF+95BAW1CPx+mz52PG
=ZnNW
-----END PGP SIGNATURE-----