|
Bugtraq
mailing list archives
Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994
From: dsiebert () icaen uiowa edu (Doug Siebert)
Date: Tue, 29 Nov 1994 23:10:20 -0600 (CST)
Change that in: "how quickly Sun came with not-working patches"
Note too that the patch that finally fixed the /var/spool/mail
race conditions appeared months after the last 8lgm advisory.
The Sun patch fixed some of the problems and made the race harder to win. It
also filled the particular hole that particular 8lgm script exposed. Better
than a cryptic message from 8lgm saying "there is a bug in mail" and better
than hearing nothing at all from CERT until Sun believes they have the bug
fixed. And if it takes several iterations for Sun to do this, and they
don't have whatever added pressure a widely-distributed exploit script adds,
this might a year or more for systems to be vulnerable to those who know
about this bug. And with every passing day the chance someone else will
independly discover it increases...
--
Doug Siebert
dsiebert () isca uiowa edu
 By Date 
By Thread
Current thread:
Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Casper Dik (Nov 29)
- Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Doug Siebert (Nov 29)
STOP! Aleph One (Nov 29)
Re: Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Pete Hartman (Nov 28)
Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Gene Spafford (Nov 29)
| 
Intro
