Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock
From: Glenn Hamblin (ghamblin_at_gmail.com)
Date: 09/08/05
- Previous message: Peter Bruderer: "RE: [Full-disclosure] Secuirty Hole Found In Dave's Sock"
- Maybe in reply to: Dave Cawley: "[Full-disclosure] Secuirty Hole Found In Dave's Sock"
- Next in thread: Swain, Kenneth: "RE: [Full-disclosure] Secuirty Hole Found In Dave's Sock"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 08 Sep 2005 10:14:05 -0700 To: full-disclosure@lists.grok.org.uk
I've black listed all communication with the Dave system until I can be
assured that this hole has been properly patched. A scan of my system
has found no such vulnerability. I am however also considering complete
un-installation of all sock from my system. While I wait for the vendor(s)
assurance that this problem has been solved.
Glenn
At 09:10 AM 9/8/2005, you wrote:
>Date: 9/8/2005
>
>Vulnerability Found: Hole In Dave's Socket
>
>Affected System: Dave's Right Sock
>
>Severity: Rating: Moderately Critical
> Impact: System access
> Where: Foot
>
>Description of Vulnerability: This morning while putting my socks
>on I found a small (1/4 inch) hole by my big toe. This could be
>exploited by a virus through the bottom of the foot or under the
>toe nail. This could be used to compromise Dave's entire system.
>
>Solution: No permanent solution is currently available. A work
>around is to wear the sock on the other foot to have the hole
>above the small toe where it will not be furthur enlarged, it
>will proboably fold over and partially cover the vulnerability.
>Permanent solution coming in either a sock darning or upgrading
>the unit to a new sock.
>
>Time Table: Found at 7:48am on Sept 8th, 1005
> Work around figured out at 7:49am on Sept 8th,
>2005
> Permanent Solution Pending
>
>Credits: Found by Dave
>
>References: No references available.
>
>
>***************************************************************
>Dave D. Cawley |
>High Speed Internet | The number of Unix installations
>Duryea, PA | has grown to 10, with more expected.
>(570)451-4311 x104 | - The Unix Programmer's Manual,1972
>dave.cawley@adelphia.com |
>***************************************************************
> URL => http://www.adelphia.net
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Anti-Virus.
>Version: 7.0.344 / Virus Database: 267.10.19/93 - Release Date: 9/8/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.19/93 - Release Date: 9/8/2005 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Peter Bruderer: "RE: [Full-disclosure] Secuirty Hole Found In Dave's Sock"
- Maybe in reply to: Dave Cawley: "[Full-disclosure] Secuirty Hole Found In Dave's Sock"
- Next in thread: Swain, Kenneth: "RE: [Full-disclosure] Secuirty Hole Found In Dave's Sock"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
