lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4A897D9D.28798.1A6273B5@dragon.midatlanticbb.com>
Date: Mon, 17 Aug 2009 11:56:13 -0400
From: "Glenn Rossi" <dragon@...atlanticbb.com>
To: starchang@...n.com.tw
Cc: support@...n-usa.com, bugtraq@...urityfocus.com
Subject: Re: Multiple vulnerabilities in several ATEN IP KVM Switches

I emailed you last week but did not receive a response.

What about units like the CN5000 that do not appear anywhere on your 
website?  We have two of these and are very concerned about the below-
referenced vulnerability.

Will a firmware upgrade for these units be forthcoming as well, or do 
we now own hundreds of dollars worth of paperweights?



> This is Technical Support Team from ATEN.
> 
> Firstly, we appreciate all suggestions from Germany TUB LAB.
> Undoubtedly, guaranteeing our KVM products with robust security
> mechanism is our responsibility. 
> 
> After discussing with Germany TUB LAB, we believe all security issues
> could be fixed by new Firmware version as below. 
> 
> - KH1508i/KH1516i v1.0.068 
> - KN9108/KN9116 v1.1.109 
> - PN9108 v1.8.179 
> 
> Scheduled Release Date is around Aug. 17, 2009 
> 
> Please visit our ATEN official site later.
> http://www.aten.com/download/download.php
> 
> As for SSL Certificate, SSL Certificate import function has built into
> our KVM above with new firmware. We strongly suggest our KVM users to
> import their individual Certificate for advanced security concern. We
> will tell our KVM users how to generate their own Certificate by
> openssl tool in our product manual later. 
> 
> Thanks,
> ATEN SUPPORT

--
Glenn Rossi
Operations/Security/Engineering
MidAtlantic BroadBand/Staffnet/Protel
------------------------------------------
voice:  (866) HELP-KIT ext 132

web:    http://www.midatlanticbb.com
email:  mailto:webmaster@...atlanticbb.com
fax:    (410) 727-8245
handle: dragon
------------------------------------------
MidAtlantic BroadBand
729 East Pratt St., Suite 440
Baltimore, MD USA 21202
------------------------------------------
Without security, freedom is not possible.
------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ