[VIM] S at BUN posts

str0ke str0ke at milw0rm.com
Thu Feb 21 18:46:27 UTC 2008


Steven,

The bugtraq submissions usually have 1-2 targets to test in the wild,
usually with one working.  Not much to go on, so I don't post those up.
The submissions he's sending into milw0rm usually have around 5-15
targets submitted with the vulnerability + others out in the wild.  I
can disclose vulnerable targets if it would help to figure out version /
other information.  I don't have the time currently to keep tracking
version information with the amount he's submitting in.  Maybe we can all
help each other out :)  The main problem is that I'm allowing his work in
without version information and others will start following suit, which
will get even worse.

He's finding SQL injections pretty quickly for widely used
components/modules.  Betting he's using an automated SQL injection
scanner in the wild, mostly because of the dorks and lack of information
on the product when chatting with him.

/str0ke

Steven M. Christey wrote:
> FYI, for CVE, I'm de-prioritizing most disclosures by S at BUN.  This
> means that our analysts try to stay away from these disclosures unless
> we're running out of new stuff to process.  They often take too much
> time to research, even with the google-dork reference, just to figure
> out if CVE should include them, and they are sometimes too full of
> important errors or omissions.
>
> That said - str0ke, one of our analysts noticed that the posts that
> make it to milw0rm always seem to be for a likely-distributable
> product with at least some information.  Do you have some rough
> process for handling S at BUN's posts?  If you've already done some
> degree of verification, that might be enough for us to treat them with
> normal priority.
>
> What are others doing, if anything, about these?
>
> - Steve
>
