[VIM] vendor clarification for CVE-2006-6404 (Innovation DoS)
Steven M. Christey
coley at linus.mitre.org
Wed Oct 28 20:52:42 UTC 2009
The CVE team has been contacted by the INNOVATION security team, who has
provided specific version and product information for CVE-2006-6404 (OSVDB
30782). They have stated the following:
"The DoS Vulnerability problem posting of 19 Oct 2009 incorrectly
identifies the wrong INNOVATION Data Processing product FDR, a z/OS
mainframe data protection solution, and is actually describing a
vulnerability discovered in an obsolete version of FDR/UPSTREAM our
Enterprise Data Protection Solution. The FDR/UPSTREAM vulnerability in
question exists in Rel 3.3.0 (GA Oct 2003), corrected in October 2003
with a temporary fix subsequently made generally available in a
following release (Rel 3.3.0.A) during the first quarter of 2004.
Testing for susceptibility to this DoS vulnerability is in place since
then and this DoS vulnerability does not exist in any current release
of FDR/UPSTREAM."
(while this has a 2006 CVE, it was only made public within the past few
weeks, I believe.)
- Steve
More information about the VIM
mailing list