[34011] in bugtraq
The non-apreciated world of full-disclosure
daemon@ATHENA.MIT.EDU (Davide Del Vecchio)
Wed Mar 3 13:38:08 2004
Message-ID: <20040303083305.21597.qmail@webmaildomini1.aruba.it>
From: "Davide Del Vecchio" <dante@alighieri.org>
To: full-disclosure@lists.netsys.com;;, bugtraq@securityfocus.com
Date: Wed, 03 Mar 2004 09:33:04 +0100
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
16 days after my post regarding the Firewall/VPN Appliance vuln
and 1 month more my TELEPHONE notice to Symantec support,
Symantec released a new version of firmware for their appliance.
But the problem it`s not the time.
The problem is that they told me it was "not a vulnerability",
after 1 month they released the new firmare to patch the "Cached Password
Vulnerability" (as they called it), and just telling
"Symantec is aware of a potential administrator password leakage
vulnerability reported in
<http://securitytracker.com/alerts/2004/Feb/1009069.html>."
...
This is what I received..I don`t want money
but I think an ufficial "thank you" is the minimum... or not?
Am I telling something of MAD?!
the new firmware is avaiable here:
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_v
pn_appliance/updates/vpn200_161_app.zip
d.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Davide Del Vecchio "Dante Alighieri" dante@alighieri.org ~ dante@bluejack.it
http://www.alighieri.org http://www.bluejack.it http://www.ezln.it
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
