From: Deus, Attonbitus (Thor_at_HAMMEROFGOD.COM)
Date: Wed Jul 10 2002 - 15:46:14 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 01:22 PM 7/10/2002, Ben Hutchings wrote:
>You have misunderstood what the paper says.
Indeed I did- grossly...
>The patch is for the server
>executable (or the in-memory image); SQL Server may have poor security but
>it doesn't rely on client-side authentication! So it would be a useful
>payload for a buffer overflow exploit, but it does not in itself represent
>a vulnerability.
Thank you for pointing that out- even after an email exchange between
myself and the author, I still did not get that... I thought that was the
reason for the paper- now seeing that it requires some other means of
patching on the server mitigates most, if not all, of my concerns in the
matter. I actually feel a bit foolish now in thinking what I thought ;)
Here's to being obtuse: Cheers!
AD
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPSydFohsmyD15h5gEQKcEgCg0ARr+cVL2uWXavdqSZqE78FLQfkAn3KO
t3ZmLcPVgwZGum5Jkve7jG6G
=fxmE
-----END PGP SIGNATURE-----