Security Firm @stake Says Your Network May Be Leaking Sensitive Data
The CERT Coordination Center has posted a long list (http://www.kb.cert.org/vuls/id/412115) of network vendors' products that could be vulnerable to the flaw. However, as of now, the majority of vendors haven't disclosed whether their device drivers are at risk. So far, Cisco Systems, F5 Networks, Hitachi, Microsoft, and NEC have reported that they're not vulnerable. According to @stake's advisory, the software and hardware vendors were notified of the potential flaw in June 2002. According to CERT, no statement concerning this vulnerability is yet available from more than 40 of the vendors notified more than six months ago.
The link for this article located at CommWeb is no longer available.