Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Getting Off the Patch
From: Valdis.Kletnieks () vt edu
Date: Wed, 19 Jan 2011 10:27:41 -0500

On Wed, 19 Jan 2011 07:08:54 PST, cpolish () surewest net said:

Here's another factor to consider: with $VENDOR's kit you can't
get support unless all the released patches are in place.

Equally bad - $APP_VENDOR only certifies their product against specific
outdated patch levels of $OS_VENDOR.  For a while, we had a printing system
in-house that under the covers was NT4.0 (in a day when Win2K had already been
out for a while).  Trying to patch it was futile, as it would (a) usually break
the print software, (b) render it unsupported by the vendor and (c) they
updated the print software by re-imaging the whole thing, so you'd end up back
at the same vulnerable release and patchlevel of NT4.0. (The vendor's
intransigence for not supporting current OS releases ended up with us buying
another vendor's printer when it came to replacement time, but that took
several years of lack of fun).

We were also stuck with an instance of Oracle 8.0 when everything else was at
10.0 because a package vendor hadn't certified anything past 8.0.  That wasn't
much fun either, and the DBAs went out to do some major celebrating when 10.0
finally got certified. :)

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]