The 2007 Pwnie Nominee For Lamest Vendor Response

BMC Performance Manager SNMP Command Execution (CVE-2007-1972)

BMC

The vulnerability was discovered by an anonymous researcher and reported to BMC by TippingPoint. The response was priceless:

BMC has a formal customer support mechanism in place to provide solutions to security issues brought to us by those who have legally licensed our software. In cases where security issues are brought to my attention by individuals/vendors who do not have legal access to our products, we will investigate their merit; however the issues will be addressed at our own discretion and according to our understanding of their severity.

Finally, please note that in the future, I will only communicate resolutions and workarounds to licensed customers who are using our software legally. For a more meaningful dialogue around these issues and to be notified of any available patches, I urge all licensed customers to use BMC’s support mechanism.
