| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 05 Jun 2008 07:06:56 +0000 From: <titon@...tardlabs.com> To: "" <aluigi@...istici.org> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, cert@...t.org Subject: Re: ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability >This one seems exactly the same vulnerability I disclosed in February >2008 and for which I wrote also a testing attack (number 7) in my >doubletakedown proof-of-concept [...blah blah...] Good for you, but you do realize that the bug was reported to the vendor in May 2007. You were just 8 months too late... But since you seem so eager to get some attention, I give you the credit of dropping a POC for an unpatched vuln into FD without even trying to contact the vendor... Well done ! --- [...SNIP...] --- Disclosure Timeline: 2007-05-22 - Vulnerability reported to vendor 2008-06-04 - Coordinated public release of advisory --- [...SNIP...] --- titon. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists