TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- I'm not sure how many of you saw the announcement, but X-Press Update 4.6 was recalled due to an unforeseen issue. It should be re-released within a matter of days, and will in all probability still contain the Irix-telnet check. I hope this did not cause any inconvenience for Internet Scanner users. Please contact myself or Eric Gonzales (Product Manager for Internet Scanner) if you have any questions. Patrick Wheeler Technical Product Manager for Internet Scanner -----Original Message----- From: Wheeler, Patrick (ISSAtlanta) Sent: Wednesday, January 03, 2001 11:59 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: CVE-2000-0733 irix-telnetd-syslog-format Dear Mr. Bukys, Thank you for your feedback on Internet Scanner. We are always trying to provide the most comprehensive check coverage possible while still meeting time constraints and keeping abreast of new vulnerabilities. I am pleased be able to inform you that Internet Scanner X-Press Update 4.6, which was made generally available today, contains a check for the vulnerability you describe below. The following is a brief description of the check: Name: IrixTelnetdSyslogFormat Risk Level: High Category: Daemons Description: IRIX telnetd syslog format string could allow remote code execution as root I hope this will help Internet Scanner better meet the security needs of your network. Thank you for choosing Internet Scanner, and have a great day. Regards, Patrick Wheeler Technical Product Manager Internet Security Systems, Inc. 6303 Barfield Rd. Atlanta, GA 30328 ph. 404.236.2818 ++ Internet Security Systems - The Power to Protect ++ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 21, 2000 4:34 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: CVE-2000-0733 irix-telnetd-syslog-format TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- I confess that I have been ASSUMING that the X-pressUpdates have been keeping me update with vulnerability scanners. Today I looked for a specific one, CVE-2000-0733, irix-telnetd-syslog-format, as seen in http://xforce.iss.net/static/5092.php, and from what I can tell, there is just no sign of a test for this problem. ISS 6.1, latest X-pressUpdates installed. Is it that ISS is seriously behind on exploit tests, they never even try for complete coverage, or have I gone wrong in configuration or searching? Liudvikas Bukys [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
FW: CVE-2000-0733 irix-telnetd-syslog-format
Wheeler, Patrick (ISSAtlanta) Thu, 04 Jan 2001 18:02:51 -0800
- CVE-2000-0733 irix-telnetd-syslog-format bukys
- RE: CVE-2000-0733 irix-telnetd-syslog-f... Wheeler, Patrick (ISSAtlanta)
- Wheeler, Patrick (ISSAtlanta)
