Bugtraq mailing list archives

Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 19 Aug 1998 16:13:01 +0100

It is partially vendor responsibility to fix the current distribution as
well as make their users aware. After contacting both Redhat and Debian
about this information, it was very disconcerting to see they were
unwilling to work with us on patching the problem. Both contacts expressed


So if you find a hole in a random application on a random ftp site that
runs with a random vendors product its the vendors problem. Frankly I think
you are making a laughing stock of yourself

Was it microsofts problem Eudora had a hole. Should Microsoft run out and
audit every visual basic application on the web ?

That said, I assure you that RSI continues to try to "do the right thing".


For an extremely strange definition thereof.

If you had a few extra cluons you might have phrased it sensibly as

        "pcnfsd is not shipped with most Linux distributions but if you
         have obtained and installed it be aware that the standard Linux
         version from Sunsite.unc.edu is vulnerable"

Every bogus claim you make brings the entire security tracking community
into disrepute and reflects badly on the people who do care about doing
things right.

Alan

Current thread:

RSI.0008.08-18-98.ALL.RPC_PCNFSD RSI Advise (Aug 18)
- Microsoft Security Bulletin (MS98-011) (fwd) brian j. peterson (Aug 18)
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Scott Stone (Aug 19)
  - Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Casper Dik (Aug 19)
- <Possible follow-ups>
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Brian Martin (Aug 19)
  - Serious bug in Cisco PIX Robert Ståhlbrand (Aug 19)
  - Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Alan Cox (Aug 19)
  - Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Joseph E. Vornehm Jr. (Aug 19)
  - Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Aug 19)
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Volker Borchert (Aug 19)