Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: BakBone NetVault last warning
From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Wed, 11 May 2005 10:35:08 -0400

They do mention "Progress continues toward making the required assessment under Section 404 of the Sarbanes-Oxley Act of 2002 and the related rules" but of course this has nothing to do with the security of their products. =]
-KF


class wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

have been also surprised to not see the word "security" in their open
letter

http://phx.corporate-ir.net/phoenix.zhtml?c=67723&p=irol-newsArticle&t=Regular&id=704547&;

:>

KF (lists) a écrit :

"when a man such as you reports a security hole we can not put all
works on the ground and say yes: we are fixing it"

What kind of bullshit is that! I am glad I am not a customer of
theirs.

What kind of man must you be to make them say "yes: we are fixing
it". Perhaps you have to be a sexy woman instead. =]

-KF

class wrote:


As a recall, there is now two months, the Hat-Squad has published 2
high security risks still UNPATCHED for BakBone NetVault 6.x/7.x
all versions. In an Open Letter:

http://phx.corporate-ir.net/phoenix.zhtml?c=67723&p=irol-newsArticle&t=Regular&id=704547&;



Bakbone announce a new NetVault Q4 2005, and a new MACOSX version.
My suggestion to BakBone is to review their whole code because Im
aware that another Heap overflow has been found by a friend without
to be published.

We won't republish this warning as soon as BakBone choosed to wake
up, but we recommand to assest BakBone products if you are seeking
for security bugs, this is a nice peace of cheese.

BakBone NetVault 6.x/7.x Remote Heap Buffer Overflow advisory

class101.org/netv-remhbof.pdf

BakBone NetVault 6.x/7.x Remote Heap Buffer Overflow exploit

class101.org/36/55/op.php

BakBone NetVault 6.x/7.x Local Stack Buffer Overflow advisory

class101.org/netv-locsbof.pdf

BakBone NetVault 6.x/7.x Local Stack Buffer Overflow exploit

class101.org/36/55/op.php


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFCghRrLyZ8K9aT7rARAgDuAJ4tYTFK7wN3XCYjveXSxJ2NHda3DACfQ4RL
yFuS6o9Ch70AvcCR6Hwo8fs=
=CfAp
-----END PGP SIGNATURE-----






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]