Re[4]: Correction to latest Colsaire advisories

[3APA3A <3APA3A () SECURITY NNOV RU>]

Dear advisories,

--Tuesday, September 14, 2004, 6:24:09 PM, you wrote to full-disclosure () lists netsys com:

a> Did you try Google? ;)

a> http://www.uniras.gov.uk/vuls/2004/380375/mime.htm

I  saw  this link in your advisory. For this case I teach my students to
use  information  already  gathered.  Only  vulnerable product listed is
ripMIME.  ripMIME  team  always  replies  to  this kind of incidents and
provides really good solution (better than recommended one, BTW).

a> Admitedly it is a bit thin at the moment (and many names are conspicous by
a> their absense). This should improve as more vendors provide a statement.

> > Of cause, poor, busy and tired 3APA3A can not do it alone.

a> You never had to; NISCC, CERT/CC?

I did with CERT. It looks like for last 2-3 years CERT does not responds
to  individual  researchers.  BTW:  there  is  no more CERT/CC. Now it's
CERT-US.

> > How this information helps vendors to secure their products?

a> Any vendors (who have not already been involved so far) who wish to get more
a> detail are encouraged to contact the NISCC team and request a copy of the
a> test suite.

-- 
~/ZARAZA
Ñýð Èñààê Íüþòîí îòêðûë, ÷òî ÿáëîêè ïàäàþò íà çåìëþ. (Òâåí)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html