Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: lpd exploit?
From: Ron DuFresne <dufresne () WINTERNET COM>
Date: Fri, 8 Dec 2000 23:20:27 -0600
If as it was claimed that this exploit was found on a comromised system,
it has already made it out to the 'public' so to speak.

Thanks,

Ron DuFresne

On Fri, 8 Dec 2000, Theodor Ragnar Gislason wrote:


It was a polite request to everyone that they respect a coders possibility
to publish such an exploit to a public arena where his situation can be
explained. You make it look as if I coded it so script kiddies could crack
boxes.

I was not trying to ban it since the header clearly indicates that it can
be distributed.

If you cannot respect that, fine...end of debate.

-
DiGiT

On Fri, 8 Dec 2000, Graeme Fowler wrote:


DiGiT wrote:

I would apreciate that neither you or anyone else publish my exploits
to such a medium as this mailinglist or any sort of public arena.


Why not? You quite clearly indicate in the copyright notice at the top
of the code that:


 *  Copyright (c) 2000 - Security.is
 *
 *  The following material may be freely redistributed, provided
 *  that the code or the disclaimer have not been partly removed,
 *  altered or modified in any way. The material is the property
 *  of security.is. You are allowed to adopt the represented code
 *  in your programs, given that you give credits where it's due.


That says 'freely distributed', right? That means (in my understanding)
that I can freely distribute it providing I haven't changed or modified
the code or disclaimer? Which I haven't done. That code was published
exactly as-is, without modification. It also had to pass through the
moderator of VULN-DEV prior to publishing; presumably if they thought
there were a conflict in some way that the posting would not have been
published to the list.

I suspect that this thread could spin out of control if we're not
careful, since we're going to enter the realms of the
full-disclosure-versus-privacy argument. I found your kit on a server I
was asked to investigate some problems with - along with code for about
60 other exploits - and following the non-appearance of any exploit code
for LPRng on this list, published it - *after* consulting your copyright
notice.

If you object, change the notice.

Have a good weekend

Graeme






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]