[VIM] vendor clarification for CVE-2006-6404 (Innovation DoS)

Steven M. Christey coley at linus.mitre.org
Wed Oct 28 20:52:42 UTC 2009


The CVE team has been contacted by the INNOVATION security team, who has
provided specific version and product information for CVE-2006-6404 (OSVDB
30782).  They have stated the following:

   "The DoS Vulnerability problem posting of 19 Oct 2009 incorrectly
   identifies the wrong INNOVATION Data Processing product FDR, a z/OS
   mainframe data protection solution, and is actually describing a
   vulnerability discovered in an obsolete version of FDR/UPSTREAM our
   Enterprise Data Protection Solution. The FDR/UPSTREAM vulnerability in
   question exists in Rel 3.3.0 (GA Oct 2003), corrected in October 2003
   with a temporary fix subsequently made generally available in a
   following release (Rel 3.3.0.A) during the first quarter of 2004.
   Testing for susceptibility to this DoS vulnerability is in place since
   then and this DoS vulnerability does not exist in any current release
   of FDR/UPSTREAM."

(while this has a 2006 CVE, it was only made public within the past few
weeks, I believe.)

- Steve


More information about the VIM mailing list