oss-sec mailing list archives

Re: CVE-2016-9963 Exim private information leak


From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 22 Dec 2016 06:42:43 -0500

On Thu, Dec 22, 2016 at 6:28 AM, Heiko Schlittermann
<hs () schlittermann de> wrote:
Jeffrey Walton <noloader () gmail com> (Do 22 Dez 2016 12:06:41 CET):
…
The bad guys already knew about the problem, or the motivated ones
found it after the partial disclosure.

Partial disclosure? I think there was no disclosure at all, besides
requesting a CVE and talking about a possible leak of private
information. Is this enough to call it "partial disclosure"?

All they need is a toehold. When the rumors started circulating about
CRIME, a number of folks figured out the attack before Duong and Rizzo
presented it.

Jeff

