Bugtraq mailing list archives
Re: Correction to latest Colsaire advisories
From: "advisories" <advisories () corsaire com>
Date: Wed, 15 Sep 2004 09:15:05 +0100
Rather than cross posting stuff verbatim from full-disclosure (it's there for anyone who wants to read it), in summary:

At the time the research was conducted (August 2003) Corsaire looked around for as much information as possible prior to commencing. There were a number of individual MIME issues around, but most were single-product vulnerabilities. The 3APA3A white paper has existed since at least February 2002, but was not encountered at the time. It has been recently updated to include the latest information, but even so, details only a small subset of the test cases provided as part of the Corsaire research. If anyone were to claim that the 3APA3A white paper is in any way complete, fully researched and definitive, it would simply be untrue.

The Corsaire research project produced test cases for around 200 working attack vectors, that when passed through the top 10 content products produced over 800 individual vulnerabilities (needless to point out that there are a lot more than 10 products in this arena).

When we approached Mitre in regard to organising CVE numbers, it was clear that there were far too many issues to allocate individually, so it was agreed to pursue the same route as the SNMP issue from several years ago (http://www.cert.org/advisories/CA-2002-03.html) and group them into manageable chunks; this is what produced the broad category based advisories.

The use of the categories then isn't an attempt to assume credit for anyone else's work (if such exists), but to manage the volume of issues identified.

Regards,

Martin O'Neal
Technical Director - Corsaire