Penetration Testing mailing list archives
Re: Full Disclosure of Security Vulnerabilities
From: Don Miesle <donmiesle () mac com>
Date: Thu, 01 Nov 2007 09:11:55 -0400
If you really want to make sure that this issue gets resolved, and you are not prohibited from reporting this vulnerability (via contract or disclosure agreement) you can report it the the CERT coordination center: Here's the form to report the vulnerability: http://w w w .cert.org/reporting/vulnerability_form.txt and send it to cert_at_cert_dot_org as well as information on what happens when you report a vulnerability: http://w w w.cert.org/kb/vul_disclosure.html Regards, Don -------- Original Message -------- Subject: Full Disclosure of Security Vulnerabilities From: jfvanmeter () comcast net To: pen-test () securityfocus com Date: 10/31/2007 1:00 PM
Hello Everyone, I would llike to get your thoughts on Full Disclosure of Security Vulnerabilities . About 3 weeks ago during a per-test of a software suite for a client of myine, I found a directory traversal in a software suite that my client has installed on thousands of workstation. I send screen shots and a packet capture to the vendor and they were able to to recreate the exploit. my cleint doesn't want to go public with it because of the thousands of workstations and servers that its installed on. I also don't believe the vendor will go public with it, what would you all do? Best Regards --John ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Full Disclosure of Security Vulnerabilities Mike Hale (Nov 01)
- <Possible follow-ups>
- Re: Full Disclosure of Security Vulnerabilities jfvanmeter (Nov 01)
- Re: Full Disclosure of Security Vulnerabilities Junaid (Nov 01)
- Re: Full Disclosure of Security Vulnerabilities Don Miesle (Nov 01)
- Re: Full Disclosure of Security Vulnerabilities jfvanmeter (Nov 01)
- Re: Full Disclosure of Security Vulnerabilities Patrick J Kobly (Nov 01)
- Re: Full Disclosure of Security Vulnerabilities mlevenstein (Nov 01)
- Re: Full Disclosure of Security Vulnerabilities jfvanmeter (Nov 01)
- RE: Full Disclosure of Security Vulnerabilities Security Department, anjiTech Data Solutions LLC (Nov 06)