Bugtraq mailing list archives
Re: SiteMinder Multiple Vulnerabilities
From: Tero Hänninen <tero () betabyte net>
Date: Mon, 11 Jul 2005 19:26:12 +0200
On Fri, 2005-07-08 at 14:03 +0000, c0ntexb () gmail com wrote:
/* ***************************************************************************************************************** $ An open security advisory #10 - Siteminder v5.5 Vulnerabilities ***************************************************************************************************************** 1: Bug Researcher: c0ntex - c0ntexb[at]gmail.com 2: Bug Released: July 08 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Remote ***************************************************************************************************************** $ This advisory and/or proof of concept code must not be used for commercial gain. *****************************************************************************************************************
What patch level did you research this on? I've tested with 5QMR7 HF-08 and it doesn't seem to be working. Similar (the same?) vulnerability was reported on 17th of January by Marc Ruef (http://www.securityfocus.com/archive/1/387569) and has been fixed by Netegrity/CA some time ago in the 5QMR7 agents (HF-06 if I recall correctly). Best Regards, Tero Hänninen -- Tero Hänninen | tero () betabyte net | http://www.betabyte.net/ | Overflow error in /dev/null
Current thread:
- SiteMinder Multiple Vulnerabilities c0ntexb (Jul 08)
- Re: SiteMinder Multiple Vulnerabilities Tero Hänninen (Jul 11)
- <Possible follow-ups>
- Re: SiteMinder Multiple Vulnerabilities Williams, James K (Jul 19)