edi.strosar
varnostne-novice.com
Date: Fri Aug 03 2007 - 14:43:06 CDT
Dear 3APA3A,
I didn't mention any DoS in my advisory. I clearly
stated that it is a "bug" that will cause an
exception/crash. It is a kind of Null/invalid ptr deref.
The same kind as this is:
http://www.securityfocus.com/archive/1/434280
and not much different than this:
http://www.securityfocus.com/archive/1/461373
Nothing more. The main difference is that it was
"implemented" by the vendor.
http://www.bsplayer.org/en/bs.player/news/new/?article=21&BSPLAYER=76f1ff40d5a7f9f2f44a66edc209ac2a
Thanks for your interest anyway.
Sincerely,
Edi Strosar (Team Intell)
3APA3A wrote:
>
> Can you please explain why this is a security bug? DoS is not software
> crash, DoS is Denial of Service. It means, security impact of DoS
> vulnerability should be preventing (blocking) access of legitimate user
> to some data or service (via data corruption, service malfunction, etc).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/