Bugtraq mailing list archives
AVM's Statement
From: eax () MAD SCIENTIST COM (eAX [Teelicht])
Date: Wed, 19 Apr 2000 11:47:06 -0400
Here is the staement of the very friendly people from AVM: eAX - Statement german - Das beschriebene Sicherheitsloch beschränkt sich ausschließlich auf das firmeninterne Netzwerk. Gegenüber dem Internet ist das eigene Firmennetzwerk komplett durch KEN! (NAT) abgeschirmt. KEN! ist nicht für große Firmen konzipiert sondern für "kleine Netze" in denen wir von überschaubaren Arbeitsgruppen ausgehen, die einander vertrauen können. Davon abgesehen ist das beschriebene Verhalten korrekt, uns seit einigen Tagen auch bekannt und mit der neusten Version von KEN! 1.04.32 gefixt. Diese Version steht ab heute auch offiziell zum Download auf dem ADC kostenlos zur Verfügung. - Statement english - The described security hole is only exploitable in local networks. The Ken! Server secures itself against attacks from the internet with a NAT shield. Ken! wasn't designed for enterprises but for small networks, were we can expect the people to trust each other. The described errors exist and are known since a few days. They were fixed in the latest Version of Ken! 1.04.32 which is now officely free for download at the ADC. -END- P.S.: Thanks to the people from AVM for being so fast in fixing the bug, you are really cool ;)! ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- Re: response to the bugtraq report of buffer overruns in imapd LIST command, (continued)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Theo de Raadt (Apr 17)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command R. C. Dowdeswell (Apr 17)
- xfs security issues (fwd) Chris Evans (Apr 17)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
- RUS-CERT Advisory 200004-01: GNU Emacs 20 RUS-CERT, University of Stuttgart (Apr 18)
- More vulnerabilities in FP Narrow (Apr 18)
- Re: More vulnerabilities in FP The Cyberiad (Apr 19)
- Re: More vulnerabilities in FP Ron van Daal (Apr 22)
- Re: More vulnerabilities in FP The Cyberiad (Apr 19)
- AVM's Statement eAX [Teelicht] (Apr 19)
- Adtran DoS Mike Ireton (Apr 19)
- FreeBSD Security Advisory: FreeBSD-SA-00:13.generic-nqs FreeBSD Security Officer (Apr 19)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Warner Losh (Apr 17)
- pwdump2 for Active Directory Todd Sabin (Apr 18)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Henrik Nordstrom (Apr 18)
- Cooments on the dvwssr.dll vulnerability threads Iván Arce (Apr 17)
- Re: Cooments on the dvwssr.dll vulnerability threads David LeBlanc (Apr 18)
- Last call for extended abstracts - Raid 2000 - Deadline is April 30th Herve Debar (Apr 18)
- Re: response to the bugtraq report of buffer overruns in imapd LIST command Kris Kennaway (Apr 17)