Re: iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx
Subject: Re: iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability
From: iDefense Labs <labs-no-reply@xxxxxxxxxxxx>
Date: Thu, 04 Oct 2007 14:16:02 -0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Zaraza,

Thank you for pointing out the misleading text.  The vulnerability is a
signedness error which leads to information disclosure.  We have updated
the advisory to read as follows.

===
negative value can cause large amounts of kernel memory contents to be
disclosed.
===

VeriSign iDefense Labs

> From: 3APA3A <3APA3A_at_SECURITY.NNOV.RU>
> Date: Thu, 4 Oct 2007 20:38:51 +0400
> 
> Dear iDefense Labs,
> 
> Can you please clarify this issue? According to subject it looks like
> information leak (information disclosure) issue, while according to
> description, it looks more like memory leak (Denial of Service) issue.

Prev by Date: Re: 0day: mIRC pwns Windows
Next by Date: Re: Re[2]: 0day: mIRC pwns Windows
Previous by thread: Re: iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability
Next by thread: 0day: mIRC pwns Windows
Index(es):
- Date
- Thread