Re: [HERT] Advisory #002 Buffer overflow in lsof

From: Theo de Raadt (deraadtat_private)
Date: Thu Feb 18 1999 - 16:11:41 PST

    > People who publish bugs/exploits that are not being actively exploited
    > *before* giving the vendor a chance to fix the flaws are clearly
    > grandstanding.  They're part of the problem -- not the solution.
    
    No.  The problem is badly written code.
    
    It takes me about 2 minutes to find bugs in security related software.
    
    I am assuming that I'm not the only person looking for these kinds of
    bugs.
    
    The REAL problem is software package maintainers who do not proactively
    audit their software.
    


