IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / Then I suggest...
Post #32,316
by Yendor
3/15/02 9:56:32 AM
Reply
New Then I suggest...
...that you simply not upgrade any of your systems that might be affected. Wait until someone can figure out how to exploit it. And then you can attempt to maybe possibly use your machine as an after-the-fact honeypot.

Meanwhile, I'll just go run red-carpet, update my system, and not worry about it.
-YendorMike

Real programmers use "vi a.out".
Post #32,434
by wharris2
3/16/02 10:05:44 AM
Reply
New I've run into double-free problems before
The memory arena is corrupted, and eventually the program core dumps. I can't get my mind around a way to reliably exploit it. Getting the condition to happen and somehow using it for a denial of service attack, I can see how that might be possible, but it's not worth worrying about for a home system.
Where each demon is slain, more hate is raised, yet hate unchecked also multiplies. - L. E. Modesitt
     zlib advisory - (ben_tilly) - (16) - March 11, 2002, 05:46:41 PM EST
         Re: zlib advisory - a similar link. - (a6l6e6x) - March 11, 2002, 11:25:28 PM EST
         Remedy? - (kmself) - (3) - March 12, 2002, 12:12:38 AM EST
             Erg. - (static) - March 12, 2002, 12:27:49 AM EST
             Well OpenBSD was never vulnerable. :-) - (ben_tilly) - (1) - March 12, 2002, 12:41:28 AM EST
                 OpenBSD as server - (kmself) - March 12, 2002, 01:51:32 PM EST
         Re: zlib advisory - (pwhysall) - (1) - March 12, 2002, 02:29:24 AM EST
             Re: zlib and up2date - (a6l6e6x) - March 12, 2002, 02:29:21 PM EST
         Microsoft vulnerable too - uses zlib code - (admin) - (2) - March 14, 2002, 10:07:28 PM EST
             Risk: adopting FS code without adopting FS practices - (kmself) - (1) - March 15, 2002, 01:45:18 AM EST
                 But note that MS doesn't update the build #'s - (tonytib) - March 15, 2002, 09:37:37 PM EST
         I'm confused about the entire thing - (wharris2) - (5) - March 14, 2002, 11:08:50 PM EST
             DoS is an attack - (ben_tilly) - (4) - March 14, 2002, 11:38:03 PM EST
                 Re: DoS is an attack - (wharris2) - (3) - March 15, 2002, 12:08:18 AM EST
                     Then I suggest... - (Yendor) - (1) - March 15, 2002, 09:56:32 AM EST
                         I've run into double-free problems before - (wharris2) - March 16, 2002, 10:05:44 AM EST
                     It's a known class of exploit... - (kmself) - March 15, 2002, 02:12:46 PM EST

Colossal liquid insect.
37 ms