On Thu, May 13, 2004 at 00:54:19 +0300, Shachar Shemesh <psql@shemesh.biz> wrote:
> >
> I'm sorry. Maybe it's spending too many years in the security industry
> (I've been Check Point's "oh my god we have a security problem" process
> manager for over two years). Maybe it's knowing how to actually exploit
> these problems. Maybe it's just seeing many of the good guys (OpenBSD's
> Theo included) fall flat on their faces after saying "This is a DoS
> only". In my book, a buffer overrun=arbitrary code execution.
But it is still a local user exploit, not a remote user exploit. That makes
a big difference in how the bug should be treated.