
RE: Correction to latest Colsaire advisories

>The Corsaire research project produced test cases for around 200 working
>attack vectors, that when passed through the top 10 content products
>produced over 800 individual vulnerabilities (needless to point out that
>there are a lot more than 10 products in this arena).

Not wanting to quibble, but looking for clarification:

The associated UNIRAS advisory
(http://www.uniras.gov.uk/vuls/2004/380375/mime.htm) lists the responses
from various vendors with regards to these issues. I presume that these are
nine of the "top 10 content providers". Vendors include:

Apple, F-Secure, Fujitsu, HP, IBM, MessageLabs, Mozilla and ripMIME.

Only ripMIME and F-Secure (Server products affected, workstation products
fine) claim to have been found wanting. The remainder clearly state that
their products, when put through the test suite, were _not_ found to be
vulnerable.

How does this translate to the figures you're talking about? I ask this to
better understand the risk. Is this something everything else should be
dropped for and this prioritized? From the UNIRAS advisory I'd assume not,
unless of course you use F-Secure servers or ripMIME, and, at the moment, it
all seems a bit like a storm in a teacup.

I also note that Microsoft was not listed as a vendor that responded. Were
their products tested and if so what were the results?

Cheers,
David Litchfield
NGSSoftware Ltd
http://www.nextgenss.com/
http://www.databasesecurity.com/
+44(0)1334 470 027