on Aug 21, Karl Strickland Wrote: >After several lengthy discussions explaining the vulnerability to SUN >(mostly to convince them that a problem actually existed), we promised >them we would not release any exploit info until their patch was >available (in this instance). To him I respond: First, Karl, This is a FULL DISCLOSURE List, secondly, as I recall my advisory - SUN is not the only vendor OS affected. You want to make agreements with SUN not to disclose THIER vulnerabilities until they make a patch - fine - don't post to BUGTRAQ. L Kealey