"On Tuesday, a member of the Bugtraq mailing list,
which boasts upwards of 50,000 subscribers, posted an exploit --
developed by TESO -- which takes advantage of the vulnerability,
despite the fact that the exploit's header forbade distribution of
the exploit, and gave mailing lists and Bugtraq in particular as
examples.
"We did not give out the exploit to anyone and have not done so
since it was written," said Sebastian, a member of TESO and the
discoverer of the vulnerability. Sebastian chose to remain
"pseudonymous."
"We were aware that if the exploit is publicly posted on Bugtraq
or another public Web site it would mean great damage, so we put a
warning message that legally forbids doing so in the top of the
exploit source code, so that if it ever falls into the wrong hands
at least there is some extra 'protection.'"
Sebastian said TESO is still considering whether to pursue legal
action, but has not yet retained an attorney."
