BugTraq
SiteMinder Multiple Vulnerabilities Jul 08 2005 02:03PM
c0ntexb gmail com (1 replies)
Re: SiteMinder Multiple Vulnerabilities Jul 11 2005 05:26PM
Tero Hänninen (tero betabyte net)
On Fri, 2005-07-08 at 14:03 +0000, c0ntexb (at) gmail (dot) com [email concealed] wrote:
> /*
> ************************************************************************
*****************************************
> $ An open security advisory #10 - Siteminder v5.5 Vulnerabilities
> ************************************************************************
*****************************************
> 1: Bug Researcher: c0ntex - c0ntexb[at]gmail.com
> 2: Bug Released: July 08 2005
> 3: Bug Impact Rate: Medium / Hi
> 4: Bug Scope Rate: Remote
> ************************************************************************
*****************************************
> $ This advisory and/or proof of concept code must not be used for commercial gain.
> ************************************************************************
*****************************************

What patch level did you research this on? I've tested with 5QMR7 HF-08 and it doesn't seem to be
working.

Similar (the same?) vulnerability was reported on 17th of January by
Marc Ruef (http://www.securityfocus.com/archive/1/387569) and has been
fixed by Netegrity/CA some time ago in the 5QMR7 agents (HF-06 if I
recall correctly).

Best Regards,
Tero Hänninen

--
Tero Hänninen | tero (at) betabyte (dot) net [email concealed] | http://www.betabyte.net/ |
Overflow error in /dev/null

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus