For your reading pleasure I have attached some of the communication between myself and CERT regarding the issues recently released at: ftp://ftp1.support.compaq.com/public/unix/v5.1/T64V51B19-C0136901-15143-ES-20020817.txt We are in the process of making our formal advisories out of these "potential" issues. Once that process is done we will release the exploits we have been holding for several months. At that point will also be putting out a white paper explaining the 3 methods used to bypass the non-exec stack. Please note the 45 day CERT grace period has expired as well as an addtional complementary 8 day extension that Compaq requested. -KF P.S. cert-issues-071202.txt is probably the file you wanna read.
This archive was generated by hypermail 2b30 : Mon Sep 02 2002 - 11:40:25 PDT