Re: Network Appliance iSCSI Authentication Bypass
advisories@xxxxxxxxxxxx wrote:
### Vendor Response
Network Appliance Data ONTAP 7.0.2 is a General Availability release:
http://now.netapp.com/NOW/cgi-bin/software
Release of this advisory was coordinated with Network
Appliance. Network Appliance has confirmed this vulnerability. For
further information about the vulnerability disclosed in this
advisory, see
[NOW.NETAPP.COM BugsOnline](http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=169359).
Network Appliance sent out Field Alert Notice #260 to customers today
about this upgrade. From their email:
Important Fixes
---------------
175888 - Filer stops serving NFS after a bad thread synchronization event
176788 - FAS3020/FAS3050 may respond slowly to requests, exhibit poor performance
That's it. NOT ONE WORD ABOUT A VULNERABILITY OR A FIX. From reading
that synopsis, if I weren't using NFS or a FAS3020/FAS3050, I probably
wouldn't be very interested in applying the update, and my systems would
remain vulnerable.
You're releasing security fixes for an infrastructure product without
telling your customers! Who do you think you are, Cisco?
Almost as annoying: I went to view the NetApp pages linked above, and
the site made me register. After registration, I'm told I'm not
authorized to view the pages. (So why'd you want me to register?)