Full Disclosure
mailing list archives
Re: iDEFENSE Security Advisory 08.18.04: Courier-IMAP Remote Format String Vulnerability
From: Kyle Maxwell <krmaxwell () gmail com>
Date: Wed, 18 Aug 2004 15:58:13 -0500
On Wed, 18 Aug 2004 12:32:55 -0400, idlabs-advisories () idefense com
<idlabs-advisories () idefense com> wrote:
> Courier-IMAP Remote Format String Vulnerability
> iDEFENSE Security Advisory 08.18.04
> www.idefense.com/application/poi/display?id=131&type=vulnerabilities
> August 18, 2004
> [snip]
> The vulnerability specifically exists within the auth_debug() function
> defined in authlib/debug.c:
> VIII. DISCLOSURE TIMELINE
> 08/10/2004 Initial vendor contact
> 08/10/2004 iDEFENSE clients notified
> 08/11/2004 Initial vendor response
> 08/18/2004 Public disclosure
> IX. CREDIT
> An anonymous contributor is credited with discovering this
> vulnerability.
> Get paid for vulnerability research
> http://www.idefense.com/poi/teams/vcp.jsp
> X. LEGAL NOTICES
> Copyright (c) 2004 iDEFENSE, Inc.
It's interesting to note that this was reported in March 2004 and
reported at http://www.securityfocus.com/bid/9845. The CVE project had
already announced an ID (see
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224 or
your preferred CVE database). Unless there's something substantially
new here, iDEFENSE is charging customers for (and trying to gain
reputation based on) information that is months old without even
giving credit where it's due. Perhaps the concept of plagiarism is
worth reviewing here.
--
Kyle Maxwell
krmaxwell () gmail com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html