Bugtraq mailing list archives

Re: Announcement: Important

From: bruce () pixar com (Bruce Perens)
Date: Mon, 26 May 1997 20:44:00 PDT


I must agree with your lack of faith in CERT. I warned them about a
problem with the Berkeley FTP daemon code (on December 28) that would
allow someone to bypass a firewall and impersonate a user on the inside
of a network. I have yet to see any response, and the problem still
exists on many systems _other_than_Linux_, including important
government and educational sites. I informed most Linux distributions,
and they fixed the problem promptly.

Note that other CERT-like agencies, such as AUSCERT, have a much better
record of responding to Linux alerts.

        Bruce Perens

        Debian Project Leader
--
Bruce Perens K6BP   Bruce () Pixar com   510-215-3502
Finger bruce () master Debian org for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6  1F 89 6A 76 95 24 87 B3

Current thread:

Announcement: Important Alan Cox (May 26)
- <Possible follow-ups>
- Re: Announcement: Important Bruce Perens (May 26)
- Re: Announcement: Important Bruce Perens (May 27)