[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SiteMinder Multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SiteMinder Multiple Vulnerabilities
From: Tero Hänninen <tero@xxxxxxxxxxxx>
Date: Mon, 11 Jul 2005 19:26:12 +0200

On Fri, 2005-07-08 at 14:03 +0000, c0ntexb@xxxxxxxxx wrote:
>  /*
>   
> *****************************************************************************************************************
>   $ An open security advisory #10 - Siteminder v5.5 Vulnerabilities
>   
> *****************************************************************************************************************
>   1: Bug Researcher: c0ntex - c0ntexb[at]gmail.com
>   2: Bug Released: July 08 2005
>   3: Bug Impact Rate: Medium / Hi
>   4: Bug Scope Rate: Remote
>   
> *****************************************************************************************************************
>   $ This advisory and/or proof of concept code must not be used for 
> commercial gain.
>   
> *****************************************************************************************************************

What patch level did you research this on? I've tested with 5QMR7 HF-08 and it 
doesn't seem to be 
working.

Similar (the same?) vulnerability was reported on 17th of January by
Marc Ruef (http://www.securityfocus.com/archive/1/387569) and has been
fixed by Netegrity/CA some time ago in the 5QMR7 agents (HF-06 if I
recall correctly). 

Best Regards,
Tero Hänninen

-- 
Tero Hänninen | tero@xxxxxxxxxxxx | http://www.betabyte.net/ |
           Overflow error in /dev/null

References:
- SiteMinder Multiple Vulnerabilities
  - From: c0ntexb

Prev by Date: blogtorrent remote/local user password disclosure
Next by Date: [SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
Previous by thread: SiteMinder Multiple Vulnerabilities
Next by thread: Re: SiteMinder Multiple Vulnerabilities
Index(es):
- Date
- Thread