[VIM] Comment about Milw0rm 5724
George A. Theall
theall at tenablesecurity.com
Sat Jan 17 16:10:30 UTC 2009
On Jan 17, 2009, at 5:59 AM, security curmudgeon wrote:
>
> On Wed, 4 Jun 2008, George A. Theall wrote:
>
> (note the date of the original post)
>
> : In case anyone's interested, I have verified the issue in milw0rm 5724.
> : The catch, though, is that the affected application is not a Drupal
> : module as listed in DreamTurk's advisory but an older incarnation of
> : Lifetype known as pLog. I tested against version 1.0.1, which you can
> : find in the project archives here:
> :
> :
> : http://sourceforge.net/project/showfiles.php?group_id=83964&package_id=86556
> :
> : P.S. I noticed that SecurityFocus seems to have completely removed
> : Bugtraq ID 29495, which had been created for this issue. Does anyone
> : know if this is because of confusion about the "vendor"?
>
> BID 29495 is public again and reflects 'LifeType'. Not sure when it was
> restored, presumably shortly after this post.

It seems to have been modified in June 2008. Probably in response to
this <http://drupal.org/node/269303>.

As for the product name in the Bugtraq entry, I'm not sure why it
doesn't mention the older incarnation; e.g., pBlog 1.0.1. They appear to
have received some vendor confirmation; there's no link to it, though,
so perhaps it was a private email.

George
--
theall at tenablesecurity.com