OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Cheyenne Inoculan vulnerability on NT
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cheyenne Inoculan vulnerability on NT


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: Cheyenne Inoculan vulnerability on NT
  • From: Russ <Russ.CooperRC.ON.CA>
  • Date: Tue, 16 Jun 1998 08:11:03 -0400
  • Reply-To: Russ <Russ.CooperRC.ON.CA>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

According to a conversation I had with Computer Associates International
Tech Support, the problem described on June 10th regarding being able to
run arbitrary code on a machine running Inoculan v4.0

HAS NOT BEEN FIXED

by their patch "Update to build 373, Service Pack 2A - il0145.zip".

As of today, they stated that they hope to have a fix publicly available
with the next signature file update. CAI have their own Listserv to keep
interested parties up-to-date regarding their products;

To keep updated with the latest news about InocuLAN, ARCserve & FAXserve
please subscribe to CA E-news
http://www.cai.com/cheyenne/listserv/

CAI do have a temporary fix which they have made available to at least
one Inoculan customer. Why they have not deemed this important enough to
make it available to all customers is a mystery. The original poster of
this thread waited until he had seen the temporary fix in action before
posting the exploit information on the assumption that what he received
was now publicly available.

If you run Inoculan, contact CAI and insist on the temporary fix until
they make it available as part of a general service pack.

Cheers,
Russ