lists.openwall.net
Open Source and information security mailing list archives
 
Message-ID: <43618AF5.9000702@shockley.net>
Date: Thu, 27 Oct 2005 22:20:37 -0400
From: Steve Shockley <steve.shockley@...ckley.net>
To: advisories@...asano.com, bugtraq@...urityfocus.com
Subject: Re: Network Appliance iSCSI Authentication Bypass


advisories@...asano.com wrote:
> ### Vendor Response
> 
> Network Appliance Data ONTAP 7.0.2 is a General Availability release: 
> http://now.netapp.com/NOW/cgi-bin/software
> 
> 
> Release of this advisory was coordinated with Network
> Appliance. Network Appliance has confirmed this vulnerability. For
> further information about the vulnerability disclosed in this
> advisory, see
> [NOW.NETAPP.COM BugsOnline](http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=169359).

Network Appliance sent out Field Alert Notice #260 to customers today 
about this upgrade.  From their email:

Important Fixes
    ---------------
    175888 - Filer stops serving NFS after a bad thread synchronization
             event

    176788 - FAS3020/FAS3050 may respond slowly to requests, exhibit poor
             performance

That's it.  NOT ONE WORD ABOUT A VULNERABILITY OR A FIX.  From reading 
that synopsis, if I weren't using NFS or a FAS3020/FAS3050, I probably 
wouldn't be very interested in applying the update, and my systems would 
remain vulnerable.

You're releasing security fixes for an infrastructure product without 
telling your customers!  Who do you think you are, Cisco?

Almost as annoying: I went to view the NetApp pages linked above, and 
the site made me register.  After registration, I'm told I'm not 
authorized to view the pages.  (So why'd you want me to register?)

