Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Third-party patch for CVE-2007-3896, UPDATE NOW
From: "KJK::Hyperion" <hackbunny () s0ftpj org>
Date: Wed, 17 Oct 2007 14:16:21 +0200
KJK::Hyperion ha scritto:

The present patch is dramatically under-tested and it has underwent no
quality assurance procedure whatsoever, so please deploy with the
greatest care.


Indeed, I just found a gruesome memory leak in it. A silly bug, brown
paperbag-grade shame. If you installed my patch, upgrade RIGHT THIS
MOMENT NOW or slowly die:

<http://spacebunny.xepher.net/hack/shellexecutefiasco/>

For the press guys watching: THIS IS VERY IMPORTANT, more important than
the original patch was. I don't expect "shitty patch actually shitty" to
seriously make the big headlines, but, hey, a heads up: there is a good
reason Microsoft takes a lot of time to put patches out, after all. I
don't do this for the reputation, either: I already made a U-turn on my
feelings about the vulnerability, I'm not too proud to admit my mistakes
(god knows how big the egos can get in FD)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]