[Full-disclosure] Secunia PSI (RC3) - memory corruption condition
Hi I have detect, in some circumstance, a memory corruption issue in Secunia PSI (release candidate 3). The vendor was contacted without response. ...I know that this kind of issues in release candidate are not so rare but if you are interested check: http://extraexploit.blogspot.com/2009/09/secunia-psi-rc3-undefined-memory.html Regards ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secunia PSI (RC3) - memory corruption condition
Hi, Thank you for the report. Based on the provided information, this is not a security issue (as securityfocus wrongfully hasted to conclude), but rather a bug (in an ancient release candidate). If you have any further details, please send those to secur...@secunia.com. -- Kind regards, Thomas Kristensen CTO Secunia Weidekampsgade 14A DK-2300 Copenhagen S Denmark Phone: +45 7020 5144 Fax:+45 7020 5145 Looking for a vulnerability research and reversing job? http://secunia.com/corporate/jobs/open_positions/ On Wed, 2009-09-02 at 21:15 +0200, exploit dev wrote: Hi I have detect, in some circumstance, a memory corruption issue in Secunia PSI (release candidate 3). The vendor was contacted without response. ...I know that this kind of issues in release candidate are not so rare but if you are interested check: http://extraexploit.blogspot.com/2009/09/secunia-psi-rc3-undefined-memory.html Regards ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secunia PSI (RC3) - memory corruption condition
Hi Thomas, my post is not to intend for malicious activities. In report I write that is usually for rc stage, discovery condition of this kind. Usually these ancient bugs, IMHO, may be used for support analysis based on binary diff using the historical releases of an application for obtain a delta of critical zone. But, again, it's only my opinion. Thank you for your answer. Kind regards. On Wed, Sep 2, 2009 at 10:27 PM, Thomas Kristensen t...@secunia.com wrote: Hi, Thank you for the report. Based on the provided information, this is not a security issue (as securityfocus wrongfully hasted to conclude), but rather a bug (in an ancient release candidate). If you have any further details, please send those to secur...@secunia.com. -- Kind regards, Thomas Kristensen CTO Secunia Weidekampsgade 14A DK-2300 Copenhagen S Denmark Phone: +45 7020 5144 Fax:+45 7020 5145 Looking for a vulnerability research and reversing job? http://secunia.com/corporate/jobs/open_positions/ On Wed, 2009-09-02 at 21:15 +0200, exploit dev wrote: Hi I have detect, in some circumstance, a memory corruption issue in Secunia PSI (release candidate 3). The vendor was contacted without response. ...I know that this kind of issues in release candidate are not so rare but if you are interested check: http://extraexploit.blogspot.com/2009/09/secunia-psi-rc3-undefined-memory.html Regards ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
