| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3F3AD15D.4774.5249AFE7@localhost> Date: Thu, 14 Aug 2003 00:01:33 +1200 From: Nick FitzGerald <nick@...us-l.demon.co.uk> To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Re: DameWare Mini-RC Shatter The wood-ster wrote: > i would assume that any command you can type localy > is available as this is a remote control product ( trojan ) > ie: this is a feature, not a flaw? D'oh! Did you not read the whole advisory? We know you like Dameware from earlier messages of yours, so I'll try to make this really easy for you... Here's a hint -- I've snipped away everything from the original advisory other than the part even you should be able to understand: > > 5) Vendor status/notes/fixes/statements > > > > Dameware Development has repaired all current known vulnerabilities. > > > > Dameware Development will continue researching and developing > alternate > > development methods to ensure their software remains secure. > > > > A fix is available from Dameware Development by downloading version > > 3.71.0.0 or later from their website.[1] Now, do you think that Dameware folk would "fix" a "feature"? Did you even think? Please stop littering our mailboxes with your ill-considered dribblings. Please... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists