Full Disclosure mailing list archives
Re: ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
From: "Jason Areff" <hailtheczar () gmail com>
Date: Wed, 24 Jan 2007 17:35:54 -0600
On 1/24/07, Christian Kujau <lists () nerdbynature de> wrote:
On Wed, 24 Jan 2007, zdi-disclosures () 3com com wrote: > -- Disclosure Timeline: > 2005.07.07 - Pre-exiting Digital Vaccine released to TippingPoint > customers > 2006.10.02 - Vulnerability reported to vendor > 2007.01.24 - Coordinated public release of advisory out of curiosity: why took it 1+ year to report this vulneralbility to the vendor?
Where do you see 1+ year? *Pre-existing* means there already existed a "vaccine" that blocked vulnerabilities of this type released in '05. This does not necessarily mean that was when ZDI received the bug submission. So it was reported to the vendor in October and released to the public in January... 4 months is not an outstanding patch time.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability zdi-disclosures (Jan 24)
- Re: ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability Christian Kujau (Jan 24)
- Re: ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability Jason Areff (Jan 24)
- Re: ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability Christian Kujau (Jan 24)