Bugtraq mailing list archives

Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994

From: dsiebert () icaen uiowa edu (Doug Siebert)
Date: Tue, 29 Nov 1994 23:10:20 -0600 (CST)

Change that in: "how quickly Sun came with not-working patches"
Note too that the patch that finally fixed the /var/spool/mail
race conditions appeared months after the last 8lgm advisory.



The Sun patch fixed some of the problems and made the race harder to win.  It
also filled the particular hole that particular 8lgm script exposed.  Better
than a cryptic message from 8lgm saying "there is a bug in mail" and better
than hearing nothing at all from CERT until Sun believes they have the bug
fixed.  And if it takes several iterations for Sun to do this, and they
don't have whatever added pressure a widely-distributed exploit script adds,
this might a year or more for systems to be vulnerable to those who know
about this bug.  And with every passing day the chance someone else will
independly discover it increases...


-- 
Doug Siebert
dsiebert () isca uiowa edu

Current thread:

Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994, (continued)
- Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Paul Howell (Nov 28)
  - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Gene Spafford (Nov 28)
    - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Karl Strickland (Nov 28)
    - Full vs. Partial Dsiclosure Nathan Lawson (Nov 28)
    - (fwd) In reply to comments about new policy (fwd) Paul 'Shag' Walmsley (Nov 28)
    - Re: (fwd) In reply to comments about new policy (fwd) anthony baxter (Nov 28)
    - Old vulnerability disclosure please? (fwd) Jeon Young-mi (Nov 29)
    - Re: (fwd) In reply to comments about new policy (fwd) Pug (Nov 30)
    - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Robert M. Haas (Nov 29)
  - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Casper Dik (Nov 29)
    - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Doug Siebert (Nov 29)
  - STOP! Aleph One (Nov 29)
- Re: Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Pete Hartman (Nov 28)
- Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Gene Spafford (Nov 29)
  - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Pat Myrto (Nov 29)
    - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Karl Strickland (Nov 30)
- Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 RAS () CACDVAX CACD ROCKWELL COM (Nov 29)
  - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Gene Spafford (Nov 30)