[VIM] Energizer DUO USB battery charger Issue
security curmudgeon
jericho at attrition.org
Wed Mar 10 00:25:15 UTC 2010
I replied to Deapesh already, but since asked here:
: This is regarding the 'Energizer DUO USB battery charger' issue
: (http://www.kb.cert.org/vuls/id/154421 and
: http://osvdb.org/show/osvdb/62782)
:
: I am not sure as to why this is labeled as a vulnerability. Anyone care
: to share their thoughts?
:
: Also why was a CVE ID released for this issue: CVE-2010-0103 ?
I noticed this was the first time other VDBs assigned it. We have an
internal discussion going whether we should go back and add other cases of
'certified pre-owned' (how we classify them and track on Attrition
Errata).
In short, it is a vulnerable software package being distributed by a
company. Instead of an exploit to abuse a remote overflow, just happens to
be much easier to exploit. But, it is still vulnerable software.
http://attrition.org/errata/cpo/ (not updated with a few recent ones,
we're overhauling the pages)
Brian