Network Security Vuln-Dev
Re: Network Appliance iSCSI Authentication Bypass

Subject: Re: Network Appliance iSCSI Authentication Bypass
Date: Thu, 27 Oct 2005 22:20:37 -0400
advisories@matasano.com wrote:
> ### Vendor Response
>
> Network Appliance Data ONTAP 7.0.2 is a General Availability release: http://now.netapp.com/NOW/cgi-bin/software
>
> Release of this advisory was coordinated with Network Appliance. Network Appliance has confirmed this vulnerability. For further information about the vulnerability disclosed in this advisory, see [NOW.NETAPP.COM BugsOnline](http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=169359).

Network Appliance sent out Field Alert Notice #260 to customers today about this upgrade. From their email:


   Important Fixes
   ---------------
   175888 - Filer stops serving NFS after a bad thread synchronization
            event

   176788 - FAS3020/FAS3050 may respond slowly to requests, exhibit poor
            performance

That's it. NOT ONE WORD ABOUT A VULNERABILITY OR A FIX. From reading that synopsis, if I weren't using NFS or a FAS3020/FAS3050, I probably wouldn't be very interested in applying the update, and my systems would remain vulnerable.

You're releasing security fixes for an infrastructure product without telling your customers! Who do you think you are, Cisco?

Almost as annoying: I went to view the NetApp pages linked above, and the site made me register. After registration, I'm told I'm not authorized to view the pages. (So why'd you want me to register?)
