Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] Details of Sybase ASE bugs withheld

from [NGSSoftware Insight Security Research] Network Security [Permanent Link]
Subject: [VulnWatch] Details of Sybase ASE bugs withheld
Date: Mon, 21 Mar 2005 18:42:59 -0000 
In 2004, NGSS reported a number of serious security issues in Sybase ASE to
Sybase, which Sybase has released patches for:

http://www.sybase.com/detail?id=1034520

NGSS advise all Sybase ASE customers to review the advice that Sybase
provided in the alert above, and apply the relevant patches as soon as is
practical.

In line with our responsible disclosure policy, NGSS generally withhold
technical information about vulnerabilities for three months after the
vendor has provided a patch. NGSS do this in order to ensure that customers
have sufficient time to apply the patch, or otherwise protect themselves in
line with the vendor's advice before the details are made available to the
general public. After three months, the technical details are then
disclosed, in order to allow security auditors and network administrators to
fully understand the impact of the issues concerned, to prove that patches
have been applied correctly, and to implement more specific workarounds.

NGSS were due to publish the full technical details of the vulnerabilities
concerned on the 21st of March 2005.

On the morning of the 21st of March, NGSS received a letter from the Sybase
legal team requesting that NGSS withhold technical details of these serious
vulnerabilities indefinitely. Consequently, NGSS feel unable to publish the
technical details of these bugs until the legal situation has been resolved.

NGSS believe that it is not in the best interest of Sybase customers for
Sybase to prevent publication of the technical details of these bugs.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Remote Windows Kernel Exploitation - Step Into the Ring 0, Tony Mason
Next by Date:  Re: [VulnWatch] Details of Sybase ASE bugs withheld, Halvar Flake
Previous by Thread:  Default domain permissions on who can join a workstation to the domain, Constantino Tobio
Next by Thread:  Re: [VulnWatch] Details of Sybase ASE bugs withheld, Halvar Flake
Indexes:  [Date] [Thread] [Top] [All Lists]