Network Security: Detailed info on Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider B

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider B

from [Dude VanWinkle] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability
Date:	Thu, 30 Nov 2006 20:52:25 -0500

On 11/30/06, zdi-disclosures@3com.com <zdi-disclosures@3com.com> wrote:

Thanks for pointing this out JP, it does in fact look confusing. We
determined during the Digital Vaccine filter creation process that a
previously released filter was robust enough to block the attack without
further modification and the vendor was immeditately notified.



NP,

I would clarify that in future notifications. i.e.: "tippingpoint
customers have been
protected from attacks of this kind since xyz date by GenericFilterX". Then
you could list the time lines for discovered/acquired, vendor
notification, patch released from vendor, and finally; public
disclosure.

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, Dude VanWinkle <=

Previous by Date:	Re: [Full-disclosure] NetBSD FTPD and ports *REMOTE ROOOOOT HOLE, K F (lists)*
Previous by Thread:	Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures
Next by Thread:	[Full-disclosure] PayPal acount removal: bug or feature?, 3APA3A
Indexes:	[Date] [Thread] [Top] [All Lists]