[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability
From: "Filipe Balestra" <filipe@xxxxxxxxxxxxxxx>
Date: Wed, 2 Jul 2008 02:19:01 -0300

mrdkaaa,

are you saying that this vulnerability is not new to the public?

The program phgrafx had some vulnerabilities published, but this one is not the 
same of any other that I can find in securityfocus. One program can have a lot 
of vulnerabilities :) 

But yes, this vulnerability is at least four years old, but was not public.

Anyway, QNX released Service Packs to solve some security problems in the past, 
and it's not our problem, we are advising the customers, they can choose or not 
the company. If you are a customer you probably would like to know about 
security issues in all product that you use. Also, we agree it's a crap vuln, 
that's why we took too long to release it. Whatever, why hold it?

p.s.: Rodrigo and me are no longer working for Scanit, so it's just a personal 
opinion, not a company official position. If you want to know about the company 
vulnerability release process or any other information, please, contact the 
Scanit R&D team.

Cheers,

Filipe Alcarde Balestra

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [tool] ratproxy - passive web application security assessment tool
Next by Date: Re: [Full-disclosure] Full-Disclosure? introducing lul-disclosure.
Previous by thread: Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability
Next by thread: [Full-disclosure] [ GLSA 200807-01 ] Python: Multiple integer overflows
Index(es):
- Date
- Thread