>This one seems exactly the same vulnerability I disclosed in February
>2008 and for which I wrote also a testing attack (number 7) in my
>doubletakedown proof-of-concept [...blah blah...]
Good for you, but you do realize that the bug was reported to
the vendor in May 2007. You were just 8 month
> During the handling of an encoded authentication request, the process
> copies the user-supplied login information into a fixed length stack
> buffer
This one seems exactly the same vulnerability I disclosed in February
2008 and for which I wrote also a testing attack (number 7) in my
doubletake
ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing
Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-034
June 4, 2008
-- CVE ID:
CVE-2008-1661
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard StorageWorks
-- TippingPo
