|
BugTraq
More information on ZERT patch for ANI 0day Apr 02 2007 02:19AM Gadi Evron (ge linuxbox org) (1 replies) Re: More information on ZERT patch for ANI 0day Apr 03 2007 07:42AM Stefan Kelm (stefan kelm secorvo de) (2 replies) Re: More information on ZERT patch for ANI 0day Apr 03 2007 06:52PM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) (1 replies) Re: [Full-disclosure] More information on ZERT patch for ANI 0day Apr 03 2007 05:32PM Matthew Murphy (mattmurphy kc rr com) |
|
|
Privacy Statement |
<sbradcpa (at) pacbell (dot) net [email concealed]> wrote:
> the community need that they are reacting to. Gadi and the crew work
> hard and have my respect for their efforts.
Agreed. Previous patches worked as advertised with no adverse side
effects here.
> If you are willing to evaluate the eEye patch, Zert's should be higher
> on your list as well since reportedly it works better than eEye's.
eEye's patch only protects from attacks outside of %systemroot%. If
an attacker can place a vulnerable file within %systemroot%, all bets
are off.
ZERT's patch, on the other hand, protects regardless of where the file
is located. It specifically prevents the stack overflow condition by
blocking chunks larger than 36 bytes from being copied.
> Regardless it's a moot point. The real patch is out.
> Install that one. It's on Windows update now.
ISC is reporting problems with the Microsoft patch. A problem with
the Realtek HD Audio Control Panel has been confirmed and patched by
Microsoft. Other problems have been reported but no additional
information on them has been released at this point.,
--
Jason 'XenoPhage' Frisvold
XenoPhage0 (at) gmail (dot) com [email concealed]
http://blog.godshell.com
[ reply ]