Re: Cheyenne Inoculan vulnerability on NT

[aleph1 () DFW NET (Aleph One)]

---------- Forwarded message ----------
Date: Tue, 16 Jun 1998 08:11:03 -0400
From: Russ <Russ.Cooper () RC ON CA>
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: Re: Cheyenne Inoculan vulnerability on NT

According to a conversation I had with Computer Associates International
Tech Support, the problem described on June 10th regarding being able to
run arbitrary code on a machine running Inoculan v4.0

HAS NOT BEEN FIXED

by their patch "Update to build 373, Service Pack 2A - il0145.zip".

As of today, they stated that they hope to have a fix publicly available
with the next signature file update. CAI have their own Listserv to keep
interested parties up-to-date regarding their products;

To keep updated with the latest news about InocuLAN, ARCserve & FAXserve
please subscribe to CA E-news
http://www.cai.com/cheyenne/listserv/

CAI do have a temporary fix which they have made available to at least
one Inoculan customer. Why they have not deemed this important enough to
make it available to all customers is a mystery. The original poster of
this thread waited until he had seen the temporary fix in action before
posting the exploit information on the assumption that what he received
was now publicly available.

If you run Inoculan, contact CAI and insist on the temporary fix until
they make it available as part of a general service pack.

Cheers,
Russ