[Informix] Is Telelogic's Synergy integrated Informix server also vulnerable?

["Sec Anon" <sec_anon () hotmail com>]

Hi all,

  Well we have read David's Litchfield's paper on how insecure and easy 
cracking unpatched versions of Informix is. But how about the OEM vendors 
like Telelogic with their Synergy product range? Telelogic's Synergy Change 
and CM are enterprise products for Change Management control which exist in 
many large corporations and are business critical. It might be sufficient to 
say most likely these products are also vulnerable to the same attacks. As 
they are OEM the existing patches can't be applied. Telelogic don't seem to 
be doing anything about it, so how can we defend our boxes? We can't. This 
is a request to the security community for support in helping to determine 
if these OEM vendors are vulnerable and hopefully getting them to fix their 
products.

http://www.databasesecurity.com/informix-securing.htm   David's paper
http://www.telelogic.com/corp/products/synergy/index.cfm   Vendor page

-SecAnon

_________________________________________________________________
Search from any web page with powerful protection. Get the FREE Windows Live 
Toolbar Today!   http://get.live.com/toolbar/overview