Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Linux NIS security problem hole and fix
From: root () iifeak swan ac uk (System Administrator)
Date: Fri, 8 Sep 1995 10:38:38 +0100


I was told by someone that this hole is "well known" and has been discussed
on the LINUX security list for a while now. A few people have emailed me
telling me what it was too, so it is obvious that this is "known" about.

It was reported, noted and fix a long time ago.

I am now even more a believer of full disclosure. We purchased a commercial
version of LINUX just a little while ago, and the hole exists. How am
I supposed to protect stuff if I don't even know about it?  Sigh....

Bugtraq and the linux-security mailing lists are probably the best resources.
We do also pass Linux bugs onto cert but while people like dfn-cert (germany)
actively log and issue info about such things US cert appears a total waste
of effort. I think every actual alert that linux-security finds also gets
onto bugtraq.

CERT advised me of the above fix. They couldn't test the fix since they
don't have a LINUX machine anywhere. Pretty incredible that no one at
CERT runs a free Unix that can run on a 386 with 4 megs...

I'll have a word with a few people. Maybe a vendor will send them a free CD
if I point this out to them.

Alan



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]