Re: Apache Worm?

From: Raistlin (raistlin@gioco.net)
Date: 06/21/02


From: "Raistlin" <raistlin@gioco.net>
To: <vuln-dev@securityfocus.com>
Date: Fri, 21 Jun 2002 13:46:00 +0200


> Correct, reporting a vulnerability is the right thing to do, we are in
> raging agreement. But purposely *NOT* contacting the vendors involved
> because for some stupid immature reason you "don't trust them" and then
> doing a press release on the vulnerability is not the right thing to do.

Especially if you provide a patch which doesn't correctly patch the bug.

Bad move indeed, ISS.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys


