TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Dear Mr. Bukys, Thank you for your feedback on Internet Scanner. We are always trying to provide the most comprehensive check coverage possible while still meeting time constraints and keeping abreast of new vulnerabilities. I am pleased be able to inform you that Internet Scanner X-Press Update 4.6, which was made generally available today, contains a check for the vulnerability you describe below. The following is a brief description of the check: Name: IrixTelnetdSyslogFormat Risk Level: High Category: Daemons Description: IRIX telnetd syslog format string could allow remote code execution as root I hope this will help Internet Scanner better meet the security needs of your network. Thank you for choosing Internet Scanner, and have a great day. Regards, Patrick Wheeler Technical Product Manager Internet Security Systems, Inc. 6303 Barfield Rd. Atlanta, GA 30328 ph. 404.236.2818 ++ Internet Security Systems - The Power to Protect ++ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 21, 2000 4:34 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: CVE-2000-0733 irix-telnetd-syslog-format TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- I confess that I have been ASSUMING that the X-pressUpdates have been keeping me update with vulnerability scanners. Today I looked for a specific one, CVE-2000-0733, irix-telnetd-syslog-format, as seen in http://xforce.iss.net/static/5092.php, and from what I can tell, there is just no sign of a test for this problem. ISS 6.1, latest X-pressUpdates installed. Is it that ISS is seriously behind on exploit tests, they never even try for complete coverage, or have I gone wrong in configuration or searching? Liudvikas Bukys [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
RE: CVE-2000-0733 irix-telnetd-syslog-format
Wheeler, Patrick (ISSAtlanta) Thu, 04 Jan 2001 15:03:01 -0800
- CVE-2000-0733 irix-telnetd-syslog-format bukys
- FW: CVE-2000-0733 irix-telnetd-syslog-f... Wheeler, Patrick (ISSAtlanta)
- FW: CVE-2000-0733 irix-telnetd-syslog-f... Wheeler, Patrick (ISSAtlanta)
