
Bugtraq mailing list archives

Re: Third-party patch for CVE-2007-3896, UPDATE NOW
From: "KJK::Hyperion" <hackbunny () s0ftpj org>
Date: Wed, 17 Oct 2007 14:16:21 +0200

KJK::Hyperion wrote:
> The present patch is dramatically under-tested and it has undergone no
> quality assurance procedure whatsoever, so please deploy with the
> greatest care.

Indeed, I just found a gruesome memory leak in it. A silly bug, brown
paperbag-grade shame. If you installed my patch, upgrade RIGHT THIS
MOMENT NOW or slowly die:

<http://spacebunny.xepher.net/hack/shellexecutefiasco/>

For the press guys watching: THIS IS VERY IMPORTANT, more important than
the original patch was. I don't expect "shitty patch actually shitty" to
seriously make the big headlines, but, hey, a heads up: there is a good
reason Microsoft takes a lot of time to put patches out, after all. I
don't do this for the reputation, either: I already made a U-turn on my
feelings about the vulnerability, I'm not too proud to admit my mistakes
(god knows how big the egos can get in FD)

