Full Disclosure mailing list archives

Re: PIRS2007 local buffer overflow vulnerability

From: <edi.strosar () varnostne-novice com>
Date: Fri, 13 Jul 2007 18:49:59 -0400

Dear 3APA3A,

you are absolutely right. Overwriting EIP does not 
necessary mean that the application is exploitable. 
Neither we claim that in our advisory. So, technically 
speaking, consider this a "bug" or "buffer overflow 
condition" rather than vulnerability.

Thanks God for semantics :)

Edi Strosar
(TeamIntell)

-- On 7/13/07, 3APA3A <3APA3A () SECURITY NNOV RU> wrote:

Please explain why is this "vulnerability" and not "just > the bug".


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

PIRS2007 local buffer overflow vulnerability edi.strosar (Jul 13)
- Re: PIRS2007 local buffer overflow vulnerability 3APA3A (Jul 13)
- <Possible follow-ups>
- Re: PIRS2007 local buffer overflow vulnerability edi.strosar (Jul 13)