deraadtat_private wrote: > However, this bug does not by itself provide anyone with a way to gain > elevated priviledges and greater control of the system. That is what > most of us normally call an 'exploit', or has the lingo changed > recently? If you consider denial-of-service an attack, then I consider anon-privileged system crasher an exploit. However, I agree you that no Bugtraq reader should be "appalled" or even surprised when the occasional buffer overflow, improper typecast, etc. is found that crashes a system. (Heck, one even shows up in good old OpenVMS now and then!) > Also, please see > www.openbsd.org/security.html > > for information on other security fixes which are far more important, > yet strangely have not reached BUGTRAQ like this report did. Bugtraq is for reporting new vulnerabilities, not rehashing those whichhave already been announced. In other words, you found 'em before we did ;) Joshua Cope ------------------------------------------------------------ The above opinions and information not necessarily those of Digital Equipment Corporation or Compaq. ------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:08:51 PDT