[VOIPSEC] VoIPshield 10.08.08 and 11.11.08 Vulnerabilities

Dustin D. Trammell dtrammell at breakingpoint.com
Mon Nov 17 18:05:44 CST 2008


Since I've been fairly vocal regarding VoIPshield's questionable
advisory practices in the past, pointing out their blatant advisory
duplication tactic that essentially turned a handful of single
vulnerabilities into an exponential number of extraneous associated
advisories, I felt it only fair to also point out that their last two
batches of vulnerability advisories on 10.08.08 and 11.11.08 involved NO
such chicanery[1].

Each vulnerability advisory from these two batches appears to be a unique,
valid vulnerability, with no advisory duplication.  In fact, one
advisory[2] might even have been legitimately split into multiple
advisories if the various ports involved did not all belong to the same
service/application (not enough detail to be clear).

Kudos to VoIPshield for cleaning up their act!  Now, how do we convince
them to also clean up the older advisories in their database of all the
duplication and condense those down into individual advisories per
vulnerability? (:

[1] http://www.voipshield.com/research.php
[2] http://www.voipshield.com/research-details.php?id=129

-- 
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.




