Rune Kristian Viken wrote:
vulnerability. The only responsible thing to do, is to publish the exploit to as many security-mailinglists as possible, and let admins disable the buggy service.
After that it's race against time from sysadmin's point of view. Is admin fast enough to disable that service before someone breaks in? If only few peoples know about security vulnerability it's less likely that someone uses it in your system. If every script kiddie knows about it, then it's much more likely... How many people sit 24/7 reading security mailinglists? What if sysadmin is at weekend trip with his sailing boat? - Jussi Laako -- PGP key fingerprint: 161D 6FED 6A92 39E2 EB5B 39DD A4DE 63EB C216 1E4B Available at: ldap://certserver.pgp.com, http://keys.pgp.com:11371