| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: krmaxwell at gmail.com (Kyle Maxwell) Subject: iDEFENSE Security Advisory 08.18.04: Courier-IMAP Remote Format String Vulnerability On Wed, 18 Aug 2004 12:32:55 -0400, idlabs-advisories@...fense.com <idlabs-advisories@...fense.com> wrote: > Courier-IMAP Remote Format String Vulnerability > > iDEFENSE Security Advisory 08.18.04 > www.idefense.com/application/poi/display?id=131&type=vulnerabilities > August 18, 2004 [snip] > The vulnerability specifically exists within the auth_debug() function > defined in authlib/debug.c: > VIII. DISCLOSURE TIMELINE > > 08/10/2004 Initial vendor contact > 08/10/2004 iDEFENSE clients notified > 08/11/2004 Initial vendor response > 08/18/2004 Public disclosure > > IX. CREDIT > > An anonymous contributor is credited with discovering this > vulnerability. > > Get paid for vulnerability research > http://www.idefense.com/poi/teams/vcp.jsp > > X. LEGAL NOTICES > > Copyright (c) 2004 iDEFENSE, Inc. It's interesting to note that this was reported in March 2004 and reported at http://www.securityfocus.com/bid/9845. The CVE project had already announced an ID (see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224 or your preferred CVE database). Unless there's something substantially new here, iDEFENSE is charging customers for (and trying to gain reputation based on) information that is months old without even giving credit where its due. Perhaps the concept of plagiarism is worth reviewing here. -- Kyle Maxwell krmaxwell@...il.com
Powered by blists - more mailing lists