Full Disclosure mailing list archives
Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution
From: Dave Sherohman <esper () sherohman org>
Date: Wed, 18 Feb 2004 10:55:06 -0600
On Wed, Feb 18, 2004 at 08:29:49AM -0500, gabriel rosenkoetter wrote:
> Oh, give me a break. Some developer went, "Oh, hey, I'm not bounds checking there. Okay, fix that," and the changes filtered out into the release of IE. You don't release "security patches" except in response to publication of a serious vulnerability, and especially in response to a problem that's systemic. This is *a* buffer overflow. Do we expect even Sun or Apple to tell us about every buffer overflow they fix? Hell, do we expect Linux or NetBSD to do so?

Funny that you should ask that on the same day that I (and this list) have received no fewer than four notices from Debian that they've released new versions of various kernel packages to fix *a* local root hole caused by not checking a function's return value.

So, yes, I do expect my Linux distributor to tell me about every buffer overflow they fix - and they do, either with mail from the debian-security list or with Changelogs included in the packages.

--
The freedoms that we enjoy presently are the most important victories of the White Hats over the past several millennia, and it is vitally important that we don't give them up now, only because we are frightened.
- Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html