Dailydave mailing list archives
Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months
From: Adam Shostack <adam () homeport org>
Date: Mon, 14 Nov 2005 11:33:44 -0500
On Mon, Nov 14, 2005 at 05:27:38PM +0100, Florian Weimer wrote: | Regarding the lack of CVE IDs, I'd bet that vendors don't tell each | other which bugs in which code the test suite has uncovered, which | means that you cannot assign meaningful CVE IDs. AFAIK, MITRE isn't | too happy about shotgun testing and the mess it causes. Happy or not, they've handled OUSPG's testing in the past, with the SNMP test suite. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012, http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013 Adam
Current thread:
- NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)