Re: More crashes than a destruction derby!

["Kurt Seifried" <listuser () seifried org>]

SCO UnixWare to be precise. However do not be afraid, evil doers and
"miscreants" beware:


CyberGuard firewalls have zero vulnerabilities.
Security Tracker agrees to remove erroneous 'vulnerability' message posting.



Bugtraq security mailing list on December 18th, 2003 and as reported on
http://securitytracker.com/alerts/2003/Dec/1008526.html and other security
web sites, CyberGuard has determined that the information in the post is
indeed false. While the party failed to test and validate the above XSS hole
as reported in the above post, we will shed further light on this supposed
"vulnerability."
The above poster assumes that a XSS hole would provide a miscreant to
privileged user credentials by collecting password/username information from
the browser information of a CyberGuard administrator desktop machine.
CyberGuard uses Tarantella (a java applet) to administer a firewall via
HTTPS - we DO NOT store user credentials in the browser. Consequently, there
is no privileged data that can be compromised and no vulnerability
whatsoever. "


Security Tracker agrees with this assessment and will remove the report from
its database. We are also working with other security sites that list
Security Tracker reports to make sure the CyberGuard "vulnerability" is
removed as soon as possible.



Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave