Dailydave mailing list archives
Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 14 Nov 2005 17:44:10 +0100
* Adam Shostack:
On Mon, Nov 14, 2005 at 05:27:38PM +0100, Florian Weimer wrote: | Regarding the lack of CVE IDs, I'd bet that vendors don't tell each | other which bugs in which code the test suite has uncovered, which | means that you cannot assign meaningful CVE IDs. AFAIK, MITRE isn't | too happy about shotgun testing and the mess it causes. Happy or not, they've handled OUSPG's testing in the past, with the SNMP test suite. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012, http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
For some values of "handled". Quote from the CVE descriptions: | NOTE: It is highly likely that this candidate will be SPLIT into | multiple candidates, one or more for each vendor. This and other | SNMP-related candidates will be updated when more accurate information | is available.
Current thread:
- NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)