Hey, Is Bugtraq the right forum to report stupid overflows in yet another shareware win95 mail/ftp server, fetched from huge commercial crapware repositories like download.com / shareware.com / others? Everyone can download the newest software, connect and look what happens when you send 7321 a's -- voila, the next advisory to Bugtraq is done. Companies who pretend to do security research (like ussr) should do better than that (at least they switch their advisory template every second time). Where's the security risk? If the software is rarely used, if no exploits are widespread, why bother informing the security community about some buffer just because it's too small. Add an exploit if you want to gain popularity - I personally do not encourage such postings here. Edi
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:21 PDT