From: Ryan Russell (ryan@securityfocus.com)
Date: Wed May 29 2002 - 01:28:11 EDT
On Tue, 28 May 2002, Deus, Attonbitus wrote:
> Let's put this in perspective. You supplied exploit code for the idq
> vulnerability. All manner of folk blamed you (incorrectly) for Code Red
Minor nit: eEye did not release any exploit code for the ida/idq to the
public. They said they were going to in the initial release of their
advisory, and later changed their minds. In fact, if you're paying close
attention, that vulnerability is when they quit releasing exploits with
their advisories.
If you look at Code Red, the guy who wrote that exploit didn't need any
help, and even came up with the %u technique while he was at it. The eEye
guys had a couple of comments in their advisory that were directed at
anyone who would have been capable of reproducing the work. I.e. anyone
who could follow the comments, didn't need them to produce an exploit.
Just wanted to clarify. I keep seeing this repeated, and it's turning
into one of those infosec urban legends, like Kevin hacking NORAD or being
on the FBI most wanted list.
Ryan
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:21 EDT