Full Disclosure mailing list archives
iDEFENSE Security Advisory 08.16.04: CVS Undocumented Flag Information Disclosure Vulnerability
From: "iDefense Labs" <labs () idefense com>
Date: Mon, 16 Aug 2004 16:22:05 -0400
Stefan,

We were aware that the vulnerability had been patched due to the work of Sebastian Krahmer and yourself as this was mentioned by CVS during the vendor disclosure process. We chose to proceed with the disclosure as it did not appear that the CVE number for this issue had been reserved/publicized or that specific details of this vulnerability had been posted. We do not however wish to take credit from you for your efforts.

Regards,
Michael Sutton
Hi iDEFENSE,
This issue was patched in the latest (June 9th) releases of CVS, specifically 1.11.17 & 1.12.9.
well guess WHY it was fixed... maybe because it was found and reported by Sebastian Krahmer back in May?
VIII. CREDIT An anonymous contributor is credited with discovering this vulnerability.
...
Get paid for vulnerability research
The bug was officially fixed with the last releases because it was already found at that time by Sebastian Krahmer. So I suggest that you ask him for his bank account.
It is quite funny that this is the 3rd (or maybe 4th) incident I know of, where you pay people for vulnerabilities that were already found and reported by others.
Stefan Esser
--
Stefan Esser                              s.esser () e-matters de
e-matters Security                http://security.e-matters.de/
GPG-Key          gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69
Key fingerprint  B418 B290 ACC0 C8E5 8292  8B72 D6B0 7704 CF6C AE69
Did I help you? Consider a gift: http://wishlist.suspekt.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html