Dailydave: Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months

From: Adam Shostack <adam () homeport org>
Date: Mon, 14 Nov 2005 11:33:44 -0500

On Mon, Nov 14, 2005 at 05:27:38PM +0100, Florian Weimer wrote:
| Regarding the lack of CVE IDs, I'd bet that vendors don't tell each
| other which bugs in which code the test suite has uncovered, which
| means that you cannot assign meaningful CVE IDs.  AFAIK, MITRE isn't
| too happy about shotgun testing and the mess it causes.

Happy or not, they've handled OUSPG's testing in the past, with the
SNMP test suite.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012,
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013

Adam

By Date By Thread

Current thread:

NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
  - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
  - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
    - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)
    - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
  - Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)