Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [SE-2012-01] information regarding recently discovered Java 7 attack
From: Jacqui Caren <jacqui.caren () ntlworld com>
Date: Thu, 30 Aug 2012 08:54:45 +0100

On 29/08/2012 19:53, Jeffrey Walton wrote:
I once used DE Cert to report some issues with GnuPG on Windows.
Interestingly, I was asked to provide funding for the fix even though
I submitted sample code demonstrating the fix. (Crowd sourcing is a
myth - don't drink the Kool-aide).

When I worked for Cray, we found a mbuf allocation issue with solaris.
Ten or so ftp sssions in VERY rapid sucessions could kill a top of the range
sun server - kernel panic/shitty death everytime! :-)

We provided test case, and dev system dump analysis - and even worked out
the assembler tweak to the .a/.so required to eleminate the problem.

Sun's response? - Give us the 20K to fix it.

In the end we manually hacked the .a/.so and shipped the workaround to
our custsomers - IIRC sun fixed it some three or four years later but
it was fun to be able to kill any sun kit so easily using
nothing more a sequence of 20 or so SYN's.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]