| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Aug 2006 22:28:46 -0400 From: "Sec Anon" <sec_anon@...mail.com> To: full-disclosure@...ts.grok.org.uk Cc: bugtraq@...urityfocus.com Subject: [Informix] Is Telelogic's Synergy integrated Informix server also vulnerable? Hi all, Well we have read David's Litchfield's paper on how insecure and easy cracking unpatched versions of Informix is. But how about the OEM vendors like Telelogic with their Synergy product range? Telelogic's Synergy Change and CM are enterprise products for Change Management control which exist in many large corporations and are business critical. It might be sufficient to say most likely these products are also vulnerable to the same attacks. As they are OEM the existing patches can't be applied. Telelogic don't seem to be doing anything about it, so how can we defend our boxes? We can't. This is a request to the security community for support in helping to determine if these OEM vendors are vulnerable and hopefully getting them to fix their products. http://www.databasesecurity.com/informix-securing.htm David's paper http://www.telelogic.com/corp/products/synergy/index.cfm Vendor page -SecAnon _________________________________________________________________ Search from any web page with powerful protection. Get the FREE Windows Live Toolbar Today! http://get.live.com/toolbar/overview
Powered by blists - more mailing lists