On Mon, Jul 13, 2009 at 7:25 PM, Ryan Russell <span dir="ltr">&lt;<a href="mailto:ryan@thievco.com">ryan@thievco.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I have a "vendor response" from FileRun:<br>
"Those vulnerabilities were published in February 2007 by<br>
"<a href="http://pridels0.blogspot.com" target="_blank">pridels0.blogspot.com</a>" and taken over by "<a href="http://secunia.com/" target="_blank">http://secunia.com/</a>". Since<br>
then, this information was copied by all kinds of websites with<br>
information on software vulnerabilities. Anyway, they were affecting the<br>
public demo that was on display and were fixed in the first FileRun<br>
major version (1.0). <br>
</blockquote><div><br><br>It looks like Secunia (and the rest of us) borked the link. The original report can be viewed at <a href="http://pridels0.blogspot.com/2007/05/filerun-vuln.html">http://pridels0.blogspot.com/2007/05/filerun-vuln.html</a><br>
<br>
r0t claims that 1.0 and earlier are affected, so that seems to be at
odds with the vendor response. Are you able to verify whether 1.0 is
vulnerable?<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Covering these:<br>
<a href="http://osvdb.org/search?search%5Bvuln_title%5D=filerun&search%5Btext_type%5D=titles" target="_blank">http://osvdb.org/search?search[vuln_title]=filerun&search[text_type]=titles</a></blockquote><br><br></div>
I'm going to update our entries with the new advisory URL. If you come
up with any additional info, feel free to forward it on, or mangle it
up and we'll push out the update.<br>
<br>
Thanks,<br>
Steve<br>
<a href="http://osvdb.org">osvdb.org</a>