| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <80115b690508150801170abff@mail.gmail.com> Date: Mon Aug 15 16:51:05 2005 From: reedarvin at gmail.com (Reed Arvin) Subject: Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) Hmm...that is interesting. I assure you that they were notified and were given all of the information in the original post to Full-Disclosure at http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036022.html well before it was posted. I was surprised that there was no reply also. However, they are a large company. Things can slip through the cracks I guess. As to the statement that was made about not following "standard industry practices", I could only assume that they would add that to save face. But it doesn't bother me too much because I had the best of intentions when attempting to notifying them and disclosing the vulnerability. On 8/15/05, NoBrain NoPain <nobnop@...il.com> wrote: > Hello, > > Reed Arvin wrote: > > Patches/Workarounds: > > The vendor was notified of the issue. There was no response. > > Vendor Response: > http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml&language=en_US > > One can find there: "McAfee was not notified in advance of this > vulnerability per "standard industry practices". It would be > interesting when you contacted McAfee and what you told them...;) > > -- nobnop >
Powered by blists - more mailing lists