lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BAY12-F233EEFC5EC68178559B39EEB3C0@phx.gbl>
Date: Thu, 31 Aug 2006 22:28:46 -0400
From: "Sec Anon" <sec_anon@...mail.com>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: [Informix] Is Telelogic's Synergy integrated Informix server also vulnerable?

Hi all,

   Well we have read David's Litchfield's paper on how insecure and easy 
cracking unpatched versions of Informix is. But how about the OEM vendors 
like Telelogic with their Synergy product range? Telelogic's Synergy Change 
and CM are enterprise products for Change Management control which exist in 
many large corporations and are business critical. It might be sufficient to 
say most likely these products are also vulnerable to the same attacks. As 
they are OEM the existing patches can't be applied. Telelogic don't seem to 
be doing anything about it, so how can we defend our boxes? We can't. This 
is a request to the security community for support in helping to determine 
if these OEM vendors are vulnerable and hopefully getting them to fix their 
products.

http://www.databasesecurity.com/informix-securing.htm   David's paper
http://www.telelogic.com/corp/products/synergy/index.cfm   Vendor page

-SecAnon

_________________________________________________________________
Search from any web page with powerful protection. Get the FREE Windows Live 
Toolbar Today!   http://get.live.com/toolbar/overview

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ