Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Siebel Vulnerabilities
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Tue, 09 Aug 2005 11:15:44 +0200

security curmudgeon wrote:

: Trust security vulnerability databases and sources for the common stuff : (i.e. wide-spread applications such as web servers or operating : systems), don't trust them to be accurate when dealing with uncommon : stuff only fortune 100 companies use.

Have you actually looked at the VDBs lately? This comment makes me think you haven't.

I use them in a regular basis. I'm going to push my point with a few questions: what vulnerabilities related to WebSeal (Tivoli Authentication Manager) do you find in your favorite VDBs? There are more relevant vulnerabilities published in _public_ product release notes (available online), much more than just those in VDBs (CAN-2001-1191 and CVE-2001-0982 if you care to look).

And there's a lot of widespread software that does not provide public information of security fixes (not even release notes are available online). Just to pick one, how about the Tibco suite? How many vulnerabilities you find in your favorite VDB?

These are just a few I've been involved with audits in the past. My experience in those audits drives the comments in my previous e-mail.

Regards

Javier


------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]