Saturday, February 28, 2009

Advisories - Published

Vendor: Novell
Severity: High
Type: Remote vulnerability
Published: ZDI-10-001
Discovered: 02-09
Comments: Interesting that Novell patches the vulnerability and releases patch but advisory is not published until several months later. I wonder if many vendors do this.

Vendor: Sun
Product: Solaris - w(1)
Severity: Medium
Published: Sun Alert
Sun Bug: 6821298
Notes: I respect Sun alot, so no further details provided.

Vendor: IBM
Product: AIX
Severity: Medium
Type: Local privilege escalation
Notes: Three privilege escalations found, Two published

muxatmd buffer overflow
4-15-09 iDefense
Bugtraq ID: 34543

libc arbitrary file overwrite
5-20-09 iDefense
Bugtraq ID: 35034
This is also the first bug I have ever sold, was a rather eye-opening experience.
I really would have expected more from developers working on libc.

My research is published giving credit to: 1c239c43f521145fa8385d64a9c32243
(Except my very first few)

No comments:

Post a Comment