In-Reply-To: <20020709203216.28332.qmail@mail.securityfocus.com> Well, the release notes for the service packs does mention the vulnerability you're talking about. 6.0 SP 3: http://docs.iplanet.com/docs/manuals/enterprise/60sp3/rn60sp3.html 4.1 SP 10: http://docs.iplanet.com/docs/manuals/enterprise/41/rn41sp10.html Download page: http://wwws.sun.com/software/download/inter_ecom.html#webs Cheers /Hubbel Yo >I originally wrote to Sun about this on May 22 2002 and >was advised that it would be fixed in the next Service >Pack. David Litchfield says that 6.0 SP3/4.1 SP10 is >out, but I don't yet see it on their Product Tracker >site. I was going to wait to release this information >until I had the Service Pack, feeling secure with my >Snort sig but decided to go ahead since it pales in >comparison to David's buffer overflow advisory.
