Bugtraq mailing list archives
Re: Network Appliance iSCSI Authentication Bypass
From: Steve Shockley <steve.shockley () shockley net>
Date: Thu, 27 Oct 2005 22:20:37 -0400
advisories () matasano com wrote:
### Vendor ResponseNetwork Appliance Data ONTAP 7.0.2 is a General Availability release: http://now.netapp.com/NOW/cgi-bin/softwareRelease of this advisory was coordinated with Network Appliance. Network Appliance has confirmed this vulnerability. For further information about the vulnerability disclosed in this advisory, see [NOW.NETAPP.COM BugsOnline](http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=169359).
Network Appliance sent out Field Alert Notice #260 to customers today about this upgrade. From their email:
Important Fixes --------------- 175888 - Filer stops serving NFS after a bad thread synchronization event 176788 - FAS3020/FAS3050 may respond slowly to requests, exhibit poor performanceThat's it. NOT ONE WORD ABOUT A VULNERABILITY OR A FIX. From reading that synopsis, if I weren't using NFS or a FAS3020/FAS3050, I probably wouldn't be very interested in applying the update, and my systems would remain vulnerable.
You're releasing security fixes for an infrastructure product without telling your customers! Who do you think you are, Cisco?
Almost as annoying: I went to view the NetApp pages linked above, and the site made me register. After registration, I'm told I'm not authorized to view the pages. (So why'd you want me to register?)
Current thread:
- Network Appliance iSCSI Authentication Bypass advisories (Oct 25)
- Re: Network Appliance iSCSI Authentication Bypass Steve Shockley (Oct 29)
- Re: Network Appliance iSCSI Authentication Bypass steve . shockley (Oct 29)
- Re: Network Appliance iSCSI Authentication Bypass Steve Shockley (Oct 29)