Vulnerability Development mailing list archives

Re: Query

From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 16 Jul 2002 13:54:02 -0700

TLR () portcullis-security com wrote:

Recently, whilst performing a Penetration Test I developed a Java script
which, with the use of some tools, disables a well known personal firewall.
This personal firewall was designed as is used so that the company can
centrally control what Hosts and Networks a user can access via the use of
profiles. Can you see what it is yet? Anyway, would you guys consider the
ability to disable the firewall remotely a vulnerability or does it fall
simply in the arena of technique in the use of already existing tools and
vulnerabilities?

Or you could just post the details, so it can be decided with all theavailable information. I mean that seriously, it is kind of the maincharter of the list. Are you trying to decided so you can warn the vendorahead of time?

BB

Current thread:

Query TLR (Jul 16)
- Re: Query rogue (Jul 16)
- Re: Query Blue Boar (Jul 16)
- Re: Query Roland Postle (Jul 16)
- <Possible follow-ups>
- RE: Query Eric D. Williams (Jul 16)
- RE: Query TLR (Jul 17)