Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SN 4.0 huge security hole
From: tiemann () CYGNUS COM (Michael Tiemann)
Date: Wed, 13 May 1998 17:21:40 -0700

Your message has been received, understood, and a technical fix has been
implemented and is being tested.  We have disabled ftp downloads of
SN-Lite for all platforms, and have already formulated a fix.  We are
contacting CERT to post a proper advisory and fix.

I would ask that in the future, you follow proper security notification
protocol, which is to attempt to contact the vendor with such problems
first, so that immediate action can be taken to resolve the problem
before widely exposing the vulnerability.  You should reserve public
exposure for the rare cases that the vendor ignores your warning.  As it
is, you have probably induced several enterprising crackers to attempt
to exploit this vulnerability in the few hours it will take us to
re-spin all the software, and thus you are the one who would be liable
for any mis-use of this bug.

Please direct your followups to myself, not the lists that I have ack'd
your message to.  Thanks,

Michael Tiemann

  By Date           By Thread  

Current thread:
  • Re: SN 4.0 huge security hole Michael Tiemann (May 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]