Re: [Full-disclosure] Windows Oday release

2007-06-13 Thread Joey Mengele
Dear all, Gadi Evron is a brilliant genius, much smarter than Thomas Lim. J On Tue, 12 Jun 2007 16:21:56 -0400 [EMAIL PROTECTED] wrote: On 2007-06-13 02:58+0800, Thomas Lim wrote: dear all Dear all, this is not a 0day, it is a public release of a responsibly disclosed vulnerability. Thank

Re: [Full-disclosure] Windows Oday release

2007-06-13 Thread crazy frog crazy frog
dear all, thanks for this nice thread. --- http://www.secgeeks.com get a blog on SecGeeks :) register here:- http://secgeeks.com/user/register rss feeds :- http://secradar.com/node/feed http://www.newskicks.com Submit and kick for new stories from all around

Re: [Full-disclosure] Windows Oday release

2007-06-13 Thread Joanna Rutkowska
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: On 2007-06-13 02:58+0800, Thomas Lim wrote: dear all Dear all, this is not a 0day, it is a public release of a responsibly disclosed vulnerability. Yes, indeed it *seems* so:

Re: [Full-disclosure] Windows Oday release

2007-06-13 Thread Peter Dawson
On 6/13/07, Joanna Rutkowska [EMAIL PROTECTED] wrote: One (I guess some responsible disclosure purist) could ask why they waited 6 months before reporting this vulnerability to the vendor? What were they doing with this exploit for the whole 6 months? maybe they were waiting for VistaX64 to

Re: [Full-disclosure] Windows Oday release

2007-06-13 Thread Michal Zalewski
On Tue, 12 Jun 2007 [EMAIL PROTECTED] wrote: Dear all, this is not a 0day The author never claimed so; in fact, the subject line clearly states it's a O-day, not a 0-day. This presumably denotes Saint Onuphrius, commemorated on the day this advisory got published. You can now admit to a

Re: [Full-disclosure] Windows Oday release

2007-06-13 Thread Jared DeMott
What is funny however, is that Microsoft, the great supporter of responsible disclosure actually is the main sponsor (patron) of the SyScan conference: http://syscan.org/ which is organized by Thomas. Maybe it's a sign that Microsoft realized that free responsible disclosure idea is a bit

[Full-disclosure] Windows Oday release

2007-06-12 Thread Thomas Lim
dear all SChannel Off-By-One Heap Corruption === Discovery Date: 28th August 2006 Date reported to Microsoft: 19th March 2007 Summary: The Secure Channel (SChannel) library on WinXP-SP1/SP2 is vulnerable to a off-by-one heap buffer overwrite. The SChannel

Re: [Full-disclosure] Windows Oday release

2007-06-12 Thread Johnson, Richard (NY Int)
-Original Message- From: Thomas Lim [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Sent: Tue Jun 12 14:58:24 2007 Subject: Windows Oday release dear all SChannel

Re: [Full-disclosure] Windows Oday release

2007-06-12 Thread ge
On 2007-06-13 02:58+0800, Thomas Lim wrote: dear all Dear all, this is not a 0day, it is a public release of a responsibly disclosed vulnerability. Thank you for sharing your research, Gadi. SChannel Off-By-One Heap Corruption === Discovery Date: 28th