[Full-Disclosure] RE: Anyone know IBM's security address?

From: Discini, Sonny (Sonny.Discini_at_montgomerycountymd.gov)
Date: 08/10/04

Next message: advisories: "[Full-Disclosure] Corsaire Security Advisory - Sygate Secure Enterprise replay issue"

Previous message: Frank Knobbe: "RE: [Full-Disclosure] AV Naming Convention"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Jedi/Sector One" <j@pureftpd.org>, "Michael Scheidell" <scheidell@secnap.net>
Date: Tue, 10 Aug 2004 10:13:35 -0400

I am currently having the same experience with IBM. Our team has
discovered a crippling vulnerability (in a product in the Tivoli suite)
and for months our IBM contacts have tried passing the buck if they
respond at all. We plan on disclosing the vulnerability before long but
we want to be sure that we run through the normal process before
releasing the information to bugtraq.

Sonny Discini
Senior Network Security Engineer

-----Original Message-----
From: Jedi/Sector One [mailto:j@pureftpd.org]
Sent: Friday, August 06, 2004 5:42 PM
To: Michael Scheidell
Cc: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com
Subject: Re: Anyone know IBM's security address?

On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
> Have a vulnerability in an IBM product.
> sent alert to security@ibm.com secure@ibm.com and cert@ibm.com, all
> three bounced. Can anyone tell me the official address or procedure to

> notify IBM?

  For AIX-releated flaws, the contact is security-alert@austin.ibm.com

  For other products... good luck. I also have a vulnerability in an IBM
product but I wasn't able to get in touch with anyone.

  Online forms told me to call a number that is unreachable outside USA.

  The AIX security officer told me he would find the right contact but I
never got anything else since.

-- 
 __  /*-    Frank DENIS (Jedi/Sector One) <j at 42-Networks.Com>    -*\
__
 \ '/     Secure FTP Server 
\' /
  \/   Misc. free software 
\/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: advisories: "[Full-Disclosure] Corsaire Security Advisory - Sygate Secure Enterprise replay issue"

Previous message: Frank Knobbe: "RE: [Full-Disclosure] AV Naming Convention"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability
... IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability ... IBM Corp.'s Lotus Sametime product provides a real-time online conferencing ... Remote exploitation of a input validation vulnerability in IBM Corp.'s Lotus ...
(Bugtraq)
[Full-disclosure] iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DL
... IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability ... IBM Corp.'s Lotus Sametime product provides a real-time online conferencing ... Remote exploitation of a input validation vulnerability in IBM Corp.'s Lotus ...
(Full-Disclosure)
[VulnWatch] iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vul
... IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability ... IBM Corp.'s Lotus Sametime product provides a real-time online conferencing ... Remote exploitation of a input validation vulnerability in IBM Corp.'s Lotus ...
(VulnWatch)
iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerabi
... IBM Corp.'s Tivoli Provisioning Manager for OS Deployment is a network ... Remote exploitation of a buffer overflow vulnerability in the web server ...
(Bugtraq)
[Full-disclosure] iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buf
... IBM Corp.'s Tivoli Provisioning Manager for OS Deployment is a network ... Remote exploitation of a buffer overflow vulnerability in the web server ...
(Full-Disclosure)