Vendor Security Contacts (v1.1 update)

Vendor Security Contacts (v1.1 update)

Post by Christopher Kla » Thu, 17 Feb 1994 22:09:10



If you have any current list of security related patches for your platform
of Unix, please send them to me and Ill compile them and add them to
this list of vendor security contacts list.  Thanks.

----cut here ---

        Vendor Security Contacts: Reporting Vulnerabilities
        and Obtaining New Patches

Author: Christopher Klaus <ckl...@shadow.net>
Date: February 16th, 1994.
Version: 1.1

        The following is a list of security contacts to reach at various
vendors for reporting security vulnerabilities and obtaining new security
related patches.  
        With the rising number of people and hosts gaining access to the
Internet, the basic integrity of the Net needs to be maintained.  Many of
security incidents that happen on Internet could have been avoided by
installing security patches that are available by vendors.  It is important
to get the recent patches and ensure that your systems are configured
properly.  With intruders and their underground network having quick access
to security vulnerabilities, it is important that administrators have
security information available and not rely on just One organization.

        Here are the security contacts that information is available for:
A/UX, Cray, Dec, HP, IBM, Next, SGI, and Sun.  

        When reporting a new security bug, try to be as specific as
possible about how to reproduce it, which OS release (uname -a), and any
other release numbers of software that are involved.

A/UX
~~~~

Contact information for A/UX as follows:

Send security related information to the following people:
        Erik E. Fair f...@apple.com
        and CC: st...@apple.com

        anto...@aux.support.apple.com (A/UX support person).

Cray
~~~~

Contact information for Cray as follows:

Contact the Support Center at 1-800-950-CRAY or
        612-683-5600 or e-mail supp...@crayamid.cray.com.

Dec
~~~

Contact information for Dec as follows:

Send security related information to the following people:

Reid, Brian K.  (BKR)  r...@PA.DEC.COM (415) 688-1307
Peck, Joseph R.  (JRP50)  p...@PA.DEC.COM (415) 688-1341
Rich Boren rich.bo...@cxo.mts.dec.com (719) 592-4689

Security patches are issued by Customer Support Centers.

HP
~~

Contact information for HP as follows:

        For security concerns, questions, or problems, you can contact:

        security-al...@hp.com

Obtaining Patches:

The HP SupportLine mail service is available to anyone who can send electronic
mail via the Internet.

If you have access to the Internet or can send electronic mail via an Internet
mail forwarder, you can use the HP SupportLine mail service.

********************************************************************************
*                How do I access the HP SupportLine mail service?              *
********************************************************************************

o  To obtain a copy of the HP SupportLine mail service user's guide, send the
following in the TEXT PORTION OF THE MESSAGE to supp...@support.mayfield.hp.com
(no Subject is required):

   send guide

Note: The HP SupportLine mail service user's guide is formatted using nroff. If
you would like an ASCII version of the user's guide or if you are utilizing a
non-UNIX mail reader, replace "send guide" with "send guide.txt".

o  Once your request is received, the HP SupportLine mail service will send you
a copy of the user's guide.

o  If you encounter any problems using the HP SupportLine mail service, report
them to support-feedb...@support.mayfield.hp.com

********************************************************************************
*                     What mailing lists are available?                        *
********************************************************************************

The following is a list of all mailing lists available via the HP SupportLine
mail service:

mailing_list_name    Description
-----------------    -----------
hpux_all_patch       weekly digest of all new hp-ux patches
hpux_300_patch       weekly digest of all new hp-ux s300_400 patches
hpux_700_patch       weekly digest of all new hp-ux s700 patches
hpux_800_patch       weekly digest of all new hp-ux s800 patches

dom_all_patch        weekly digest of all new domain patches
dom_m68k_patch       weekly digest of all new domain m68k patches
dom_a88k_patch       weekly digest of all new domain a88k patches

technical_tips       weekly digest of new HP Technical Tips
existing_news        monthly digest of new Existing Product News
general_news         monthly digest of new HP General News
new_products         monthly digest of new HP Product Information
security_info        Latest digest of new HP Security Bulletins
security_info_list   Index of available HP Security Bulletins

o  To subscribe to an  HP SupportLine mail service mailing list, send the
following in the TEXT PORTION OF THE MESSAGE to supp...@support.mayfield.hp.com
(no Subject is required):

   subscribe mailing_list_name  (i.e. subscribe hpux_all_patch)

On a weekly or monthly basis, the HP SupportLine mail service will create and
distribute the requested mailing_list_name digest directly to your mailbox.

********************************************************************************
*                     How do i get a Patch from HP?                            *
********************************************************************************

If you know the name of the patch needed, Email to:

supp...@support.mayfield.hp.com

with the body of the message stated as:

"send PHKL_9999"

The patch will automatically be mailed back to you with a mail unpacker
script (patch_maker).

If you just want the README for the patch, Email a message to:

supp...@support.mayfield.hp.com

with the body of the message stated as:

"send doc PHKL_9999"

The patch README will be mailed back to you.

        Response Center Customers: 1-800-633-3600
        BasicLine Customers:  1-415-691-3888
        Also try email to bkel...@cup.hp.com

        Outside the U.S., contact your local Response Center.

IBM
~~~

Contact information for IBM as follows:

  IBM support @ 1-800 237-5511
  Email to servi...@austin.ibm.com

  Send security related information to Nick Trio (n...@watson.ibm.com,
a.k.a. postmas...@ibm.com) Unix person on IBM's Computer Emergency Response
Team) and Alan Fedeli (fed...@vnet.ibm.com).

  There are some security patches on anonymous FTP software.watson.ibm.com
in pub/aix3 for AIX.

Security patches are issued through your IBM sales office.

Next
~~~~

Contact information for Next as follows:

Technical Support at "ask_n...@next.com"  
Phone number: 800.848.6398.

Address is 900 Chesapeake Drive; Redwood City, CA; 94063.

SGI
~~~

Contact information for SGI as follows:

        Send security related information to postmas...@sgi.com and they
will forward it to the appropriate person. If there is no response, try
Dave Olson ol...@anchor.esd.sgi.com or Sarah J. Rosedahl sa...@sgi.com
(415)390-1124.

        Support line 1-800-800-4SGI and ask what patches are available.

        There are some security patches on anonymous FTP sgi.com in
directory sgi/IRIX4.0 (or 5.0 if the system is IRIX5).

Security patches are issued through your SGI sales office.

Sun
~~~

Contact information for Sun as follows:

  email: security-al...@sun.com
  phone: 415-688-9081
  Fax:   415-688-9101

postal:
  Sun Security Coordinator
  MS MPK2-04
  2550 Garcia Avenue
  Mountain View, CA 94043-1100

Sun produces "Sun Security Bulletin" - ask security coordinator for it.

Other Resources
~~~~~~~~~~~~~~~

   The CERT (Computer Emergency Response Team) advisory mailing list.  Send
e-mail to c...@cert.org, and ask to be placed on their mailing list.  Past
advisories and other information related to computer security are available
for anonymous FTP from cert.org (192.88.209.5).

   The CIAC (Computer Incident Advisory Capability) of DoE.  To report a
vulnerability, call CIAC at (510) 422-8193 or send e-mail to c...@llnl.gov.
Previous CIAC bulletins and other information is available via anonymous
ftp from irbis.llnl.gov (ip address 128.115.19.60).  

Acknowledgements
~~~~~~~~~~~~~~~~

Thanks Dave Millar for helping provide a portion of the information.

Copyright
~~~~~~~~~

This paper is Copyright (c) 1994 by Christopher Klaus

        Permission is hereby granted to give away free copies.  You may
distribute, transfer, or spread this paper.  You may not to pretend that
you wrote it.  You may not reverse engineer, decompile, or disassemble this
information.  You may not rent or lease this paper.  This copyright notice
must be maintained in any copy made.  

Disclaimer
~~~~~~~~~~

        The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event shall
the author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.  Any use of this
information is at the user's own risk.

Address of Author
~~~~~~~~~~~~~~~~~

        Please send suggestions, updates, and comments to:      

        <ckl...@shadow.net>

--
Christopher William Klaus  Email: ckl...@shadow.net  Author:Inet Sec. Scanner
2209 Summit Place Drive,Dunwoody, GA 30350-2430. (404)206-1513.

 
 
 

1. Vendor Security Contacts

I am trying to develope a list of security coordinators for the purpose
of providing the information to administrator to allow them to
easily get the newest patch information.  

Many security holes are in existance and most Unix vendors will not
call the customers to let them know they are vulnerable.  I want to
make a list of vendors and how to contact them for 2 reasons.

1. Reason would be to warn the vendor of a found security hole.
2. Reason would be to get patches from the vendor for security hole.

If you know a vendor, please email me their postal address, phone number,
and e-mail for getting in touch with the security engineers at that vendor
site.  

In a few weeks, Ill put together the list and repost it so anyone can get
it and use it.  This list will hopefully provide an easy method of getting
in touch with security engineers at different vendors.  Especially for
admins of sites with various Unix platforms.

Thank you,

Christopher Klaus

--

2209 Summit Place Drive,Dunwoody, GA 30350-2430. (404)206-1513.

2. kermit escape sequence

3. Vendor Security Contacts 1.3

4. NT to BSD migration issues

5. Vendor Security Contacts 1.2

6. imap-2001.BETA.SNAP-0108291901

7. Cman Contact Manager v1.1 -update

8. Patches for linux to run Satan?

9. sco backup vendor contacts

10. Video card vendor contacts (FAQ)

11. Cman Contact Manager v1.1a

12. SECURITY: NSA Security-enhanced Linux updated