William D. Colburn (aka Schlake) on Fri, Feb 01, 2002 at 12:58:57PM -0700: William,
Normally I would disclose the crash to the list, but if no fix will be forthcoming I am afraid too let other people know how to down a server.
Does anyone know if the author is still available, or if I should dig into the code to generate a patch on my own before releasing this information?
I strongly suggest you publish this problem to this list, or, if it is relevant enough, to the security-lists (vuln-dev, bugtraq, whatever you see fits). The security community agrees that security issues should be published within a certain amount of time, to allow people to think about counter- measures of any kind or at least *know* that they are vulnerable ... see http://www.securityfocus.com/ and look for the full disclosure policy. Chances are, if you could figure out the problem exists, somebody malicious could too ... besides that, I believe Balasz is back from the hospital anyway? Regards, -- ____ ____ / _/| - > Gregor Binder <gb@(rootnexus.net|sysfive.com)> | / || _\ \ \__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B