[Full-disclosure] It's all in the details, sapheal

[sftsi at hushmail.com]

Dear sapheal at hack.pl,

could you please supply a lot more details in the advisories that 
you post? They usually just say buffer overflow in DumbServer in 
crappyfunction(), and in case it's true and they are exploitable, 
it's very nice of you to discover them and tell everyone about 
them, but we want to see a lot more detail. What parts of the 
program call the vulnerable function, under what circumstances, 
under what configuration and compilation options, is the involved 
data considered trusted or untrusted, and finally, do you have any 
proof that the overflows are exploitable or are they just crashes 
that you believe to be exploitable?

This goes for other people as well, not just sapheal.

Regards and best wishes for the new year, SFTSI Evil Haxxx0rzzz




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485