Bugtraq mailing list archives
Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
From: ben () ITAUDIT COM AU (Benjamin Smee)
Date: Mon, 30 Aug 1999 11:35:24 +1000
At 12:05 PM 25/08/99 +0200, you wrote:
On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote:I'm really angrySo am I. Did you ever think of contacting Linux distribution maintainers before making these things public, especially if they have as much impact as a remotable hole in wu-ftpd? I'm all for full disclosure intellectual property bla bla bla, but just unloading a pile of shit on other people's doorsteps is NOT what I would call in any way cooperative.
Hello, Once again this issue raises its head. Why do all the developers who read the list believe that they should be informed before everyone else? The hole existed and was being exploited, at least Michal gave all the users who were using Wu-ftp the opportunity to do something about it BEFORE the developers put out their patches. Not everyone believes in the inform the vendor first motto that seems to be increasingly prevalent in Bugtraq. When are the vendors going to realise this and learn to deal with it? regards, Benjamin Smee Senior Computer Security Consultant Fingerprint: 4574 41AD D801 1533 455C E5F8 79C4 CEF1 AED8 58C1 ___________________________ IT Audit & Consulting (ITAC) Pty Ltd ben () itaudit com au
Current thread:
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Andreas Jaeger (Aug 24)
- <Possible follow-ups>
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Olaf Kirch (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Benjamin Smee (Aug 29)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michael K. Johnson (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michal Zalewski (Jul 04)
- [patch] ProFTPd remote root exploit Nic Bellamy (Aug 29)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michael K. Johnson (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Michal Zalewski (Jul 04)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Josip Rodin (Aug 25)
- Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x Chris Butler (Aug 28)