bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider B

from [Dude VanWinkle] [Permanent Link][Original]
To: "zdi-disclosures@3com.com" <zdi-disclosures@3com.com>
Subject: Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability
From: "Dude VanWinkle" <dudevanwinkle@gmail.com>
Date: Thu, 30 Nov 2006 08:02:45 -0500
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Wf7ww6x06SlndQS1aWQvquVreV3Kw0+fZoJabqjEhKf21iMjQzM6Q76N+bWUuNaT3sYSXgWspTGyZUEFky4ycI6ssHVpLln1QxyF6KFsLQLRoTNcbrn7m1yazzBCYPn6vsAtjlgAIeNEBjyFPHv88ZBzX1qjT8lPp9CRjagHr9w=
In-reply-to: <OF7BA23927.28DF4D71-ON88257235.005E0799-88257235.005E5B9B@3com.com>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm
References: <OF7BA23927.28DF4D71-ON88257235.005E0799-88257235.005E5B9B@3com.com> 
On 11/29/06, zdi-disclosures@3com.com <zdi-disclosures@3com.com> wrote:

ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow
            Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-043.html
November 29, 2006

<snip>

-- Disclosure Timeline:
2005.07.07 - Digital Vaccine released to TippingPoint customers
2006.10.02 - Vulnerability reported to vendor
2006.11.29 - Coordinated public release of advisory


you waited over a year to report it to the vendor?

sounds like analyzing your digital vaccine rules might yield a slew of
reproducible 0 days that vendors are unaware of.....

-JP<who is admittedly unaware of the tippingpoint vaccine format, and
about how much info can be gleaned from it>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ GLSA 200611-26 ] ProFTPD: Remote execution of arbitrary code, Raphael Marichez
Next by Date:  Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, infection
Previous by Thread:  ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability, zdi-disclosures
Next by Thread:  PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability, philip anselmo
Indexes:  [Date] [Thread] [Top] [All Lists]