[Devel] Two more BugTraq reports

Bastian Friedrich bastian.friedrich at collax.com
Tue Jan 2 10:11:04 CET 2007


Hi,

happy new year!

As I have not seen the topic mentioned here, I'd like to report that there 
were two more openser bugs disclosed on the security mailing list BugTraq:

http://www.securityfocus.com/archive/1/455415/30/30/threaded
http://www.securityfocus.com/archive/1/455412/30/30/threaded

Both describe possible buffer overflows (this time, with _possibly_ remote 
exploitability) in two modules (sms and osp). Sadly, the hacker seems not to 
have contacted the openser team before disclosing the bugs...

1) Is there any dedicated security contact for openser? It might be a good
   idea to have a dedicated email address and/or dedicated security contact
   information on the openser web page.
2) Have you been aware of the leaks? Is it ok that I forward these reports
   here, or should I have opened new bugtracker tickets?

Best,
   Bastian

-- 
Collax GmbH . Burkheimer Straße 3 . 79111 Freiburg . Germany
p: +49 (0) 761-45684-24
f: +49 (0) 761-45684-10        www.collax.com

\ Q:      How many surrealists does it take to change a light bulb?
\ A:      Two, one to hold the giraffe, and the other to fill the
\         bathtub with brightly colored machine tools.


