> Remember - if the exploit works, you have a problem. Failure of the
> exploit to work does NOT mean you don't have a problem - somebody with
> a different version that has a critical offset set to 4 more or less
> may make swiss cheese of your network.

Yes, excellent point. Phrased somewhat differently, software testing only detects the presence
of a problem, not the absence of one. I believe that that subtle but oh-so-important point is
not understood far too often.

Cheers,
Ken van Wyk -- KRvW Associates, LLC CERT® Certified Computer Security Incident Handler http://www.KRvW.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
