Re[4]: [Full-Disclosure] Correction to latest Colsaire advisories

Dear advisories,

--Tuesday, September 14, 2004, 6:24:09 PM, you wrote to full-disclosure@lists.netsys.com:

a> Did you try Google? ;)

a> http://www.uniras.gov.uk/vuls/2004/380375/mime.htm

I saw this link in your advisory. For this case I teach my students to
use information already gathered. Only vulnerable product listed is
ripMIME. ripMIME team always replies to this kind of incidents and
provides really good solution (better than recommended one, BTW).

a> Admitedly it is a bit thin at the moment (and many names are conspicous by
a> their absense). This should improve as more vendors provide a statement.

>> Of cause, poor, busy and tired 3APA3A can not do it alone.

a> You never had to; NISCC, CERT/CC?

I did with CERT. It looks like for last 2-3 years CERT does not responds
to individual researchers. BTW: there is no more CERT/CC. Now it's
CERT-US.

>> How this information helps vendors to secure their products?

a> Any vendors (who have not already been involved so far) who wish to get more
a> detail are encouraged to contact the NISCC team and request a copy of the
a> test suite.

-- 
~/ZARAZA
Ñýð Èñààê Íüþòîí îòêðûë, ÷òî ÿáëîêè ïàäàþò íà çåìëþ. (Òâåí)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html