Bugtraq mailing list archives
Re: Linux NIS security problem hole and fix
From: root () iifeak swan ac uk (System Administrator)
Date: Fri, 8 Sep 1995 10:38:38 +0100
I was told by someone that this hole is "well known" and has been discussed on the LINUX security list for a while now. A few people have emailed me telling me what it was too, so it is obvious that this is "known" about.
It was reported, noted and fix a long time ago.
I am now even more a believer of full disclosure. We purchased a commercial version of LINUX just a little while ago, and the hole exists. How am I supposed to protect stuff if I don't even know about it? Sigh....
Bugtraq and the linux-security mailing lists are probably the best resources. We do also pass Linux bugs onto cert but while people like dfn-cert (germany) actively log and issue info about such things US cert appears a total waste of effort. I think every actual alert that linux-security finds also gets onto bugtraq.
CERT advised me of the above fix. They couldn't test the fix since they don't have a LINUX machine anywhere. Pretty incredible that no one at CERT runs a free Unix that can run on a 386 with 4 megs...
I'll have a word with a few people. Maybe a vendor will send them a free CD if I point this out to them. Alan
Current thread:
- Linux NIS security problem hole and fix Ken Weaverling (Sep 07)
- Re: Linux NIS security problem hole and fix Tim Chown (Sep 08)
- Re: Linux NIS security problem hole and fix System Administrator (Sep 08)
- <Possible follow-ups>
- Re: Linux NIS security problem hole and fix Joerg Czeranski (Sep 07)