From: patrick@Verity.COM (Patrick Horgan)
Date: Fri, 22 Sep 95 09:07:49 PDT
To: perry@piermont.com
Subject: Executing code on the stack, was Re: netscape bug
Message-ID: <9509221604.AA19341@cantina.verity.com>
MIME-Version: 1.0
Content-Type: text/plain


> very big, and you can do what you like. The 8lgm people wrote a demo
> for Sparc as a proof of concept.

It's worth mentioning that 8lgm (Eight little green men;) has recently
changed their policy on how long they wait to make exploit scripts available.
It has resonance with what's happened here on cypherpunks lately.  They
used to publish that there was a hole, but would hold up quite a while
on making the exploit scripts available.  They were trying to make it
safer for manufacturers and give them time to make fixes available first.
What actually happened is that manufacturers would put the fixes on the
backburner, and often not get around to them at all.  8lgm found that
publishing the exploit scripts usually resulted in quick fixes from the
vendors.  Now the exploitation details are available quite quickly.

Patrick
   _______________________________________________________________________
  /  These opinions are mine, and not Verity's (except by coincidence;).  \
 |                                                       (\                |
 |  Patrick J. Horgan         Verity Inc.                 \\    Have       |
 |  patrick@verity.com        1550 Plymouth Street         \\  _ Sword     | 
 |  Phone : (415)960-7600     Mountain View                 \\/    Will    | 
 |  FAX   : (415)960-7750     California 94303             _/\\     Travel | 
  \___________________________________________________________\)__________/