[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: SiteMinder Multiple Vulnerabilities
From:       Tero =?ISO-8859-1?Q?H=E4nninen?= <tero () betabyte ! net>
Date:       2005-07-11 17:26:12
Message-ID: 1121102772.7471.9.camel () localhost ! localdomain
[Download RAW message or body]

On Fri, 2005-07-08 at 14:03 +0000, c0ntexb@gmail.com wrote:
> /*
> *****************************************************************************************************************
>  $ An open security advisory #10 - Siteminder v5.5 Vulnerabilities
> *****************************************************************************************************************
>                 
> 1: Bug Researcher: c0ntex - c0ntexb[at]gmail.com
> 2: Bug Released: July 08 2005
> 3: Bug Impact Rate: Medium / Hi
> 4: Bug Scope Rate: Remote
> *****************************************************************************************************************
>  $ This advisory and/or proof of concept code must not be used for commercial gain.
> *****************************************************************************************************************
> 

What patch level did you research this on? I've tested with 5QMR7 HF-08 and it \
doesn't seem to be  working.

Similar (the same?) vulnerability was reported on 17th of January by
Marc Ruef (http://www.securityfocus.com/archive/1/387569) and has been
fixed by Netegrity/CA some time ago in the 5QMR7 agents (HF-06 if I
recall correctly). 

Best Regards,
Tero Hänninen

-- 
Tero Hänninen | tero@betabyte.net | http://www.betabyte.net/ |
           Overflow error in /dev/null


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic