Bugtraq mailing list archives
Re: CERT Advisory CA-97.23 - rdist
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Tue, 16 Sep 1997 14:38:46 -0600
CERT* Advisory CA-97.23
Original issue date: September 16, 1997
Last revised: --
Topic: Buffer Overflow Problem in rdist

OpenBSD does not have this problem. None of the versions of rdist distributed are setuid or setgid.

But the more important issue is that after repeated requests to CERT to give us advance warning on these issues, and include us in their advisories, they have simply ignored the mail we've sent.

What's up, CERT? Why don't you respond to mail from the OpenBSD project?

Here's some mail I sent CERT before, but got no response to:

----------------------------------------
To: cert () cert org
cc: deraadt
Subject: lpd advisory
Message-Id: <199707252312.RAA19967 () cvs openbsd org>
Date: Fri, 25 Jul 1997 17:12:58 -0600
From: Theo de Raadt <deraadt () cvs openbsd org>

I have heard there is an [deleted] advisory in the works. Yet, OpenBSD did not receive any notification of this advisory through proper channels, but FreeBSD certainly did.

OpenBSD is an OS vendor too. Why didn't we get advance notice? Obviously if one BSD has the problem, other BSD's are going to have it too.

What's the deal? Why are we not being notified of problems before the release of a CERT advisory? I have asked this question twice before.

What other advisories are in the works that OpenBSD is not being informed of?