Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: BakBone NetVault last warning
From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Wed, 11 May 2005 10:12:19 -0400

"when a man such as you reports a security hole we can not put all works on the ground and say yes: we are fixing it"

What kind of bullshit is that! I am glad I am not a customer of theirs.

What kind of man must you be to make them say "yes: we are fixing it". Perhaps you have to be a sexy woman instead. =]

-KF

class wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As a recall, there is now two months, the Hat-Squad has published 2
high security risks still UNPATCHED for BakBone NetVault 6.x/7.x all
versions. In an Open Letter:

http://phx.corporate-ir.net/phoenix.zhtml?c=67723&p=irol-newsArticle&t=Regular&id=704547&;

Bakbone announce a new NetVault Q4 2005, and a new MACOSX version. My
suggestion to BakBone is to review their whole code because Im aware
that another Heap overflow has been found by a friend without to be
published.

We won't republish this warning as soon as BakBone choosed to wake up,
but we recommand to assest BakBone products if you are seeking for
security bugs, this is a nice peace of cheese.

BakBone NetVault 6.x/7.x Remote Heap Buffer Overflow advisory

class101.org/netv-remhbof.pdf

BakBone NetVault 6.x/7.x Remote Heap Buffer Overflow exploit

class101.org/36/55/op.php

BakBone NetVault 6.x/7.x Local Stack Buffer Overflow advisory

class101.org/netv-locsbof.pdf

BakBone NetVault 6.x/7.x Local Stack Buffer Overflow exploit

class101.org/36/55/op.php


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFCgf4vLyZ8K9aT7rARAqu3AJ411cU2YZkRcOwFfRlF1PMLWvFaRACdGAvo
belmxbd7Z/peu5L154pS02k=
=hHqE
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]