Vulnerability Development mailing list archives

Query

From: TLR () portcullis-security com
Date: Tue, 16 Jul 2002 15:51:02 +0100

I think I know the answer to this but I just wanted to get a straw Poll type
opinion from you guys.

Recently, whilst performing a Penetration Test I developed a Java script
which, with the use of some tools, disables a well known personal firewall.
This personal firewall was designed as is used so that the company can
centrally control what Hosts and Networks a user can access via the use of
profiles. Can you see what it is yet? Anyway, would you guys consider the
ability to disable the firewall remotely a vulnerability or does it fall
simply in the arena of technique in the use of already existing tools and
vulnerabilities?

Cheers,Liam.

Current thread:

Query TLR (Jul 16)
- Re: Query rogue (Jul 16)
- Re: Query Blue Boar (Jul 16)
- Re: Query Roland Postle (Jul 16)
- <Possible follow-ups>
- RE: Query Eric D. Williams (Jul 16)
- RE: Query TLR (Jul 17)