Dailydave mailing list archives
Re: MSRPC vulnerability 1 billion and six?
From: Dave Aitel <daveaitel () tmail com>
Date: Thu, 17 Nov 2005 09:36:43 -0500
If you're exploiting out of memory issues in msrpc, you're deep sea fishing while there's still a lot of fish in your local reef.
Does your friend's muddle work better than unmidl.py? Unmidl isn't perfect, so it's always good to get tips about how to fix it.
I'm sure you sent all your research to ms for free as soon as you found it, right? Or did you think it was irresponsible for the worlds richest company not to assign someone to this problem?
Perhaps the lack of information in the official ms advisory is because they didn't want the world to know everything about a bug that's obvious enough to spot in 5 pre-coffee minutes?
Everytime a microsoft study comes out on how secure windows is, how low the total cost of ownership is, you have to wonder if consumers are going to take this sort of thing into account. Novell doesn't try to mislead their customers as to how extensive problems are in suse, do they?
--dave
Current thread:
- MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Nicolas RUFF (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Alexander Sotirov (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Nicolas RUFF (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Thomas Lakofski (Nov 20)
- Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)