Full Disclosure mailing list archives
Re: Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3)
From: Reed Arvin <reedarvin () gmail com>
Date: Mon, 15 Aug 2005 08:01:13 -0700
Hmm...that is interesting. I assure you that they were notified and were given all of the information in the original post to Full-Disclosure at http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036022.html well before it was posted. I was surprised that there was no reply also. However, they are a large company. Things can slip through the cracks I guess. As to the statement that was made about not following "standard industry practices", I could only assume that they would add that to save face. But it doesn't bother me too much because I had the best of intentions when attempting to notifying them and disclosing the vulnerability. On 8/15/05, NoBrain NoPain <nobnop () gmail com> wrote:
Hello, Reed Arvin wrote:Patches/Workarounds: The vendor was notified of the issue. There was no response.Vendor Response: http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml&language=en_US One can find there: "McAfee was not notified in advance of this vulnerability per "standard industry practices". It would be interesting when you contacted McAfee and what you told them...;) -- nobnop
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) Reed Arvin (Aug 11)
- <Possible follow-ups>
- Re: Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) NoBrain NoPain (Aug 15)
- Re: Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) Reed Arvin (Aug 15)