[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple vulnerabilities in Double-Take 5.0.0.2865

To: Luigi Auriemma <aluigi@xxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Multiple vulnerabilities in Double-Take 5.0.0.2865
From: Steve Shockley <steve.shockley@xxxxxxxxxxxx>
Date: Thu, 06 Mar 2008 16:14:03 -0500

Luigi Auriemma wrote:

Application: Double-Take


Double Take responded:

You may be aware of a recent posting of “vulnerabilities” in Double-Take5.0 by an Italian gentleman, Luigi Auriemma. Essentially he found thatsending packets of malformed data to our service will crash the service.

He also found that given access to the network, he could find a server’soperating system, Ethernet adapters, printer driver, list of partitionsand their file systems, and recent Double-Take log entries.

These issues are not new and pose a low security risk. They do notresult in unauthorized system access, data access, or data corruption.They also require the ability to send/receive packets directly to/from aserver, which would require prior access to your network.

We want to assure you that these are not cause for concern and that weare working to close these gaps.

Prev by Date: [ MDVSA-2008:061 ] - Updated mailman packages fix multiple XSS vulnerabilities
Next by Date: [SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure
Previous by thread: [ MDVSA-2008:061 ] - Updated mailman packages fix multiple XSS vulnerabilities
Next by thread: [SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure
Index(es):
- Date
- Thread