Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability

Re: [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability

From: Filipe Balestra <filipe_at_balestra.com.br>
Date: Wed, 2 Jul 2008 02:19:01 -0300

mrdkaaa,

are you saying that this vulnerability is not new to the public?

The program phgrafx had some vulnerabilities published, but this one is not the same of any other that I can find in securityfocus. One program can have a lot of vulnerabilities :)

But yes, this vulnerability is at least four years old, but was not public.

Anyway, QNX released Service Packs to solve some security problems in the past, and it's not our problem, we are advising the customers, they can choose or not the company. If you are a customer you probably would like to know about security issues in all product that you use. Also, we agree it's a crap vuln, that's why we took too long to release it. Whatever, why hold it?

p.s.: Rodrigo and me are no longer working for Scanit, so it's just a personal opinion, not a company official position. If you want to know about the company vulnerability release process or any other information, please, contact the Scanit R&D team.

Cheers,

Filipe Alcarde Balestra

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jul 01 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos