NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > ISS> 2003-q1

RE: [ISSForum] ISS Security Brief: Remote Sendmail Header Process ing Vulnerability

robert.d.turnerbt.com
Date: Tue Mar 04 2003 - 05:16:50 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Björn wrote:
> as the RS signature was included in XPU 20.9 (released in January)
> why was the "official" advisory held back till now?

Presumably to allow folks to patch and release a secured version of
Sendmail. X-Force have been slated for pre-announcing vulnerabilities
in the past - this time they have waited and all credit for that.

There was no real detail in the XPU help file that would help to
write an exploit (I would not be surprised if it was deliberately
vague), but it is better to have done things this way around.

Robert

--
Robert Turner GCIA
Security Solutions Designer & Analyst

BT Secure Business Services
T: +44 (0)113 244 5951 F: +44 (0)113 244 5657
Robert.D.Turnerbt.com

== # include std.disclaimer =====================================

British Telecommunications plc

Registered office: 81 Newgate Street London EC1A 7AJ

Registered in England no. 1800000

This electronic message contains information from British
Telecommunications plc which may be privileged or confidential.
The information is intended to be for the use of the individual(s)
or entity named above. If you are not the intended recipient be
aware that any disclosure, copying, distribution or use of the
contents of this information is prohibited. If you have received
this electronic message in error, please notify us by telephone
or email (to the numbers or address above) immediately.

Activity and use of the British Telecommunications plc E-mail
system is monitored to secure its effective operation and for
other lawful business purposes. Communications using this system
will also be monitored and may be recorded to secure effective
operation and for other lawful business purposes.

=================================================================

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]