Since this went to the entire list, I'll reply to the list for the benefit of all. Today, ESM 4.5 can be ordered through the normal AXENT Technologies product channels. Currently AXENT account managers are located through out the world and can take your order for ESM version 4.5. It has been shipping since March, 1998. AXENT products are rolled out to the majority of the Fortune 500 companies in the US and Worldwide, and those same companies rely heavily upon ESM being robust in order to provide proven products for general availability. The product goes through 3 major cycles: Beta, ESP and GA. Currently 4.4 is the GA product and 4.5 is in the ESP phase (soon to be GA). By going through a full production ESP cycle, then customers that desire the additional functionality can acquire the ESP product and those that want to wait for the GA release can do so. Steve Jackson -----Original Message----- From: dcuppat_private [mailto:dcuppat_private] Sent: Thursday, September 24, 1998 3:23 PM To: BUGTRAQat_private Subject: Re: Security Hole in Axent ESM Steve, What is the real story with 4.5? I tried getting an upgrade without sucess. Your email signature indicates you are the product manager for AXENT ESM. According to Axent technical support ESM 4.4 is the latest GA version of ESM. ESM 4.5 is not the product shipped to customers who order ESM today. Support could not tell me how to receive a copy of 4.5. This conflicts with your claims that ESM 4.5 with security fixes has been shipping since March of 1998 and this still leaves my network vulnerable to someone modifying binaries and spoofing the CRC checksums. IMHO, leaving the CRC file checksums and just adding the MD5 as an option in future versions of ESM may not be clear to most customers that CRC's can be easily spoofed and are weak checksums. Is there any reason you don't make MD5 the default requirement if you are doing checksums and remove CRC's? Maybe you can provide clarifications on where to get the security fixes for ESM 4.5 to make it secure? Your tech support needs the information as well. Dan Cupp System Administrator UNIX / PERL Ninja! --------------------------------------------------- Get free personalized email at http://www.iname.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:44 PDT