[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability

To: "" <aluigi@xxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability
From: <titon@xxxxxxxxxxxxxxx>
Date: Thu, 05 Jun 2008 07:06:56 +0000

>This one seems exactly the same vulnerability I disclosed in February
>2008 and for which I wrote also a testing attack (number 7) in my
>doubletakedown proof-of-concept [...blah blah...]

Good for you, but you do realize that the bug was reported to 
the vendor in May 2007.  You were just 8 months too late... 

But since you seem so eager to get some attention, I give you 
the credit of dropping a POC for an unpatched vuln into FD without 
even trying to contact the vendor... Well done !


--- [...SNIP...] ---
Disclosure Timeline:
2007-05-22 - Vulnerability reported to vendor
2008-06-04 - Coordinated public release of advisory
--- [...SNIP...] ---


titon.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Gadi Evron not a troll but n3td3v is?
Next by Date: [Full-disclosure] XSS in SamTodo v1.1
Previous by thread: Re: [Full-disclosure] Gadi Evron not a troll but n3td3v is?
Next by thread: [Full-disclosure] XSS in SamTodo v1.1
Index(es):
- Date
- Thread