Re[2]: [funsec] WMF round-up, updates and de-mystification

To: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
Subject: Re[2]: [funsec] WMF round-up, updates and de-mystification
From: Pierre Vandevenne <pierre@xxxxxxxxxxxxxx>
Date: Tue, 3 Jan 2006 14:42:06 +0100
Cc: "'FunSec [List]'" <funsec@xxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <03dd01c6105d$26540000$0d00005a@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: DataRescue sa/nv
References: <1846049593.20060103124749@xxxxxxxxxxxxxx> <03dd01c6105d$26540000$0d00005a@xxxxxxxxxxxxxx>
Reply-to: Pierre Vandevenne <pierre@xxxxxxxxxxxxxx>

Good Day,

Tuesday, January 3, 2006, 12:59:22 PM, you wrote:

GE>> The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows.
PV>> I wouldn't say it does that. If you really want to simplify it in the
LS> extreme, it hides the vulnerable function.  

LS> Think of it as a "White Hat Rootkit"

Or merely a TSR hooking an interrupt vector. It doesn't hide itself.
It doesn't allow any kind of remote access to anything.

I can't see how it could even be remotely described as a rootkit.


-- 
Best regards,
 Pierre                            mailto:pierre@xxxxxxxxxxxxxx

References:
- Re: [funsec] WMF round-up, updates and de-mystification
  - From: Pierre Vandevenne
- RE: [funsec] WMF round-up, updates and de-mystification
  - From: Larry Seltzer

Prev by Date: New from the MS Advisory
Next by Date: Recruitment Software allows MySQL credentials disclosure
Previous by thread: RE: [funsec] WMF round-up, updates and de-mystification
Next by thread: Re: WMF round-up, updates and de-mystification
Index(es):
- Date
- Thread