Maybe you should be happy that people actually audit the code now instead of blackhats creating private exploits and gaining access to your * production machine and using it to wardial at other machines... Good luck with defending yourself in court if that happens. And lets not start the Full/No-Disclosure discussion again...
ms
Brian West wrote:
Because as the advisory pointed out it "could" happen. The likely thing to happen would be a segfault. Then again it should have been pointed out instead of silently updated.
bkw
On Wed, 10 Sep 2003, Michael Sandee wrote:
'proven'? Why post this bs... read the advisory, clearly shows they made one and tested. Second its trivial to make one, if you see what is wrong in the code.
Original advisory should have been posted here at the date of release, or announced by someone, but it wasn't... I guess some people are too busy, can't blame them.
Brian West wrote:
Also it wasn't a proven exploit. They said it "could allow an attacker to obtain remote and unauthenticated access". And if pigs "could" fly I would be a rich man!
bkw
Read the security vulnerability. It referenced CVS as of a certain date. If you aren't keeping up with CVS changes, why are you running CVS at all?
-Tilghman
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
