lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040303083305.21597.qmail@webmaildomini1.aruba.it> From: dante at alighieri.org (Davide Del Vecchio) Subject: The non-apreciated world of full-disclosure 16 days after my post regarding the Firewall/VPN Appliance vuln and 1 month more my TELEPHONE notice to Symantec support, Symantec released a new version of firmware for their appliance. But the problem it`s not the time. The problem is that they told me it was "not a vulnerability", after 1 month they released the new firmare to patch the "Cached Password Vulnerability" (as they called it), and just telling "Symantec is aware of a potential administrator password leakage vulnerability reported in <http://securitytracker.com/alerts/2004/Feb/1009069.html>." ... This is what I received..I don`t want money but I think an ufficial "thank you" is the minimum... or not? Am I telling something of MAD?! the new firmware is avaiable here: ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_v pn_appliance/updates/vpn200_161_app.zip d. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Davide Del Vecchio "Dante Alighieri" dante@...ghieri.org ~ dante@...ejack.it http://www.alighieri.org http://www.bluejack.it http://www.ezln.it - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Powered by blists - more mailing lists