Full Disclosure mailing list archives
Re: iDEFENSE Security Advisory 08.18.04: Courier-IMAP Remote Format String Vulnerability
From: Kyle Maxwell <krmaxwell () gmail com>
Date: Wed, 18 Aug 2004 15:58:13 -0500
On Wed, 18 Aug 2004 12:32:55 -0400, idlabs-advisories () idefense com <idlabs-advisories () idefense com> wrote:
Courier-IMAP Remote Format String Vulnerability

iDEFENSE Security Advisory 08.18.04
www.idefense.com/application/poi/display?id=131&type=vulnerabilities
August 18, 2004
[snip]
The vulnerability specifically exists within the auth_debug() function defined in authlib/debug.c:

VIII. DISCLOSURE TIMELINE

08/10/2004 Initial vendor contact
08/10/2004 iDEFENSE clients notified
08/11/2004 Initial vendor response
08/18/2004 Public disclosure

IX. CREDIT

An anonymous contributor is credited with discovering this vulnerability.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

X. LEGAL NOTICES

Copyright (c) 2004 iDEFENSE, Inc.
It's interesting to note that this was reported in March 2004 and reported at http://www.securityfocus.com/bid/9845. The CVE project had already announced an ID (see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224 or your preferred CVE database).

Unless there's something substantially new here, iDEFENSE is charging customers for (and trying to gain reputation based on) information that is months old without even giving credit where it's due. Perhaps the concept of plagiarism is worth reviewing here.

--
Kyle Maxwell
krmaxwell () gmail com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- iDEFENSE Security Advisory 08.18.04: Courier-IMAP Remote Format String Vulnerability idlabs-advisories (Aug 18)
- Re: iDEFENSE Security Advisory 08.18.04: Courier-IMAP Remote Format String Vulnerability Kyle Maxwell (Aug 18)
- Re: iDEFENSE Security Advisory 08.18.04: Courier-IMAP Remote Format String Vulnerability Richard Johnson (Aug 18)