[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.99.50s17 available as tarball. SECURITY WARNING

To: Matti Aarnio <mea@nic.funet.fi>
Subject: Re: 2.99.50s17 available as tarball. SECURITY WARNING
From: Michael Smith <michael@csuite.ns.ca>
Date: Mon, 10 May 1999 20:41:38 -0300 (ADT)
cc: zmailer@nic.funet.fi
In-Reply-To: <19990510233146Z16139-4113+622@nic.funet.fi>
Sender: moses@pentagram.nslug.ns.ca

On Tue, 11 May 1999, Matti Aarnio wrote:

>   Very good question.  How much could I tell without endangering
> everybody's servers ?   To my knowledge I am only one who knows
> its precise nature, and I would prefer it to stay that way.
> I would prefer this *not* to appear at bugtraq in form of an exploit...

The workaround is easy, and you've posted it to the list, so I wouldn't
worry about that. I'd just like to be able to test my servers for
vulnerability.

> If there is demand, I can back-port the fix to older versions too.

That'd be appreciated, but if you do that you might as well just disclose
the bug (in fact since anyone can diff between -s17 and previous releases,
it probably wouldn't be too hard to figure it out as it is).

References:
- Re: 2.99.50s17 available as tarball. SECURITY WARNING
  - From: Matti Aarnio <mea@nic.funet.fi>

Prev by Date: Re: 2.99.50s17 available as tarball. SECURITY WARNING
Next by Date: Anybody going to Linux Expo ?
Prev by thread: Re: 2.99.50s17 available as tarball. SECURITY WARNING
Next by thread: Re: 2.99.50s17 available as tarball. SECURITY WARNING
Index(es):
- Date
- Thread