[10799] in bugtraq
Re: VVOS/Netscape Bug
daemon@ATHENA.MIT.EDU (John Daniele)
Fri Jun 11 15:50:32 1999
Content-Identifier: 05B7837605128017
Content-Return: Allowed
Mime-Version: 1.0
Message-Id: <05B7837605128017*/c=ca/admd=CONCERT/prmd=kpmg/o=noteServer/s=Daniele/g=John/@MHS>
Date: Thu, 10 Jun 1999 19:58:32 -0400
Reply-To: John Daniele <JDaniele@KPMG.CA>
From: John Daniele <JDaniele@KPMG.CA>
To: BUGTRAQ@NETSPACE.ORG
Since I discovered this vulnerability during a penetration test on a client
system I did not have
adequate time to fully investigate the problem. I apologize for the
'misinformation', which I had
cross-checked with HP prior to posting. However, of the three such systems I
attempted to
exploit, it did not only affect NES but other applications they had bound as
well. It may warrant
another look.
Secondly, the Virtual Vault's product brief it states that it 'utilizes tough
B1 and B2 standards'
therefore I felt it was safe to use the word 'utilize' and 'comply'
interchangeably. I never mentioned
that the virtual vault operating system was reviewed and/or certified at the B2
level.
John Daniele
jdaniele@kpmg.ca
VOX: (416) 777-3759
