Re: [Full-disclosure] Secuirty Hole Found In Dave's Sock

Thu, 08 Sep 2005 10:15:07 -0700 


I've black listed all communication with the Dave system until I can be
assured that this hole has been properly patched. A scan of my system
has found no such vulnerability. I am however also considering complete
un-installation of all sock from my system. While I wait for the vendor(s)
assurance that this problem has been solved.

Glenn


At 09:10 AM 9/8/2005, you wrote:


Date:           9/8/2005

Vulnerability Found:    Hole In Dave's Socket

Affected System:                Dave's Right Sock

Severity:                       Rating: Moderately Critical
                                Impact: System access
                                Where:  Foot

Description of Vulnerability:  This morning while putting my socks
on I found a small (1/4 inch) hole by my big toe. This could be
exploited by a virus through the bottom of the foot or under the
toe nail. This could be used to compromise Dave's entire system.

Solution: No permanent solution is currently available. A work
around is to wear the sock on the other foot to have the hole
above the small toe where it will not be furthur enlarged, it
will proboably fold over and partially cover the vulnerability.
Permanent solution coming in either a sock darning or upgrading
the unit to a new sock.

Time Table:             Found at 7:48am on Sept 8th, 1005
                        Work around figured out at 7:49am on Sept 8th,
2005
                        Permanent Solution Pending

Credits:                Found by Dave

References:             No references available.


***************************************************************
Dave D. Cawley           |
High Speed Internet      |    The number of Unix installations
Duryea, PA               | has grown to 10, with more expected.
(570)451-4311 x104       |  - The Unix Programmer's Manual,1972
[EMAIL PROTECTED] |
***************************************************************
                  URL => http://www.adelphia.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.19/93 - Release Date: 9/8/2005



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.19/93 - Release Date: 9/8/2005


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to