Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Tippingpoint Releases Details on Unpatched Bugs SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Tippingpoint Releases Details on Unpatched Bugs

Tippingpoint, which operated the "Zero Day Initiative" bug bounty program released 22 vulnerabilities for which no patch is available [1]. Last year, Tippingpoint announced that they will release details 180 days after they are aware of a bug, even if the vendor has not yet released a patch.

The details released include a one paragraph description of the vulnerability, which in itself is usually not enough to come up with an exploit, but it may provide a pointer to re-discover the vulnerability. 

[1] http://www.zerodayinitiative.com/advisories/published/

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Johannes

3915 Posts
ISC Handler
Feb 8th 2011

Sign Up for Free or Log In to start participating in the conversation!