Dailydave mailing list archives
Re: More crashes than a destruction derby!
From: "Kurt Seifried" <listuser () seifried org>
Date: Sat, 17 Jan 2004 12:14:25 -0700
SCO UnixWare to be precise. However do not be afraid, evil doers and "miscreants" beware: CyberGuard firewalls have zero vulnerabilities. Security Tracker agrees to remove erroneous 'vulnerability' message posting. Bugtraq security mailing list on December 18th, 2003 and as reported on http://securitytracker.com/alerts/2003/Dec/1008526.html and other security web sites, CyberGuard has determined that the information in the post is indeed false. While the party failed to test and validate the above XSS hole as reported in the above post, we will shed further light on this supposed "vulnerability." The above poster assumes that a XSS hole would provide a miscreant to privileged user credentials by collecting password/username information from the browser information of a CyberGuard administrator desktop machine. CyberGuard uses Tarantella (a java applet) to administer a firewall via HTTPS - we DO NOT store user credentials in the browser. Consequently, there is no privileged data that can be compromised and no vulnerability whatsoever. " Security Tracker agrees with this assessment and will remove the report from its database. We are also working with other security sites that list Security Tracker reports to make sure the CyberGuard "vulnerability" is removed as soon as possible. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- More crashes than a destruction derby! Dave Aitel (Jan 17)
- Re: More crashes than a destruction derby! Kurt Seifried (Jan 17)
- Re: More crashes than a destruction derby! Rodney Thayer (Jan 17)