[HECnet] Security hole in CSWS

Sampsa Laine sampsa at mac.com
Mon Sep 21 21:57:41 PDT 2009


Yes, I have reported it to VMS engineering in India about an hour ago (well I assume in India, the guys had subcontinent accents) and they said they'd get back to me.

I'm trying to be reasonably "responsible disclosure" about this, so please don't spread the news TOO widely before HP gets a chance to fix this (== no posts to comp.os.vms or 'Full Disclosure' please :) but feel free to warn any responsible parties you think need a heads up.

I will be posting an advisory later to Bugtraq or some such once HP has managed to fix the issue.

Sampsa



On 21 Sep 2009, at 21:46, Brian Hechinger wrote:

On Mon, Sep 21, 2009 at 08:17:02PM +0100, Sampsa Laine wrote:
Guys,

What do you guys think, worth getting in touch with HP? I think this
could be a potential disaster waiting to happen...

A VMS Guru friend of mine replied with this:

=======================================================================
Not surprising.   I would guess that the source code makes some
bad assumptions about file specifications.

It should definitely be reported to HP.
=======================================================================

-brian
-- 
"Coding in C is like sending a 3 year old to do groceries. You gotta
tell them exactly what you want or you'll end up with a cupboard full of
pop tarts and pancake mix." -- IRC User (http://www.bash.org/?841435)


