lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 1 Dec 2007 03:37:50 -0500 From: "Williams, James K" <James.Williams@...com> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability > Date: Wed, 28 Nov 2007 03:32:51 +0000 > From: cocoruder. <frankruder@...mail.com> > Subject: Re: [Full-disclosure] ZDI-07-069: CA BrightStor > ARCserve Backup Message Engine Insecure Method Expos > To: <full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com> > > it is so amazing that the vendor's advisory has been released > more than one month ago, (see my advisory of a similar vul at > http://ruder.cdut.net/blogview.asp?logID=221), and another thing > is that I have tested my reported vul again after CA's patch > released one month ago, but in fact they have not fixed it!! I > report it again to CA but there is no response, I guess CA is > making an international joke with us:), or because this product > is sooooooooo bad that they will not support it any more? > welcome to my blog:http://ruder.cdut.net cocoruder, We have not received any email from frankruder@...mail, but we did receive an email about this issue from hfli@...tinet on 2007-10-15. We responded to that email on 2007-10-15. FYI, we are currently wrapping up QA on new patches, and we have contacted hfli@...tinet with details. Regards, Ken Ken Williams ; 0xE2941985 Director, CA Vulnerability Research _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists