Bugtraq mailing list archives
Re: Vulnerabilities in KTH Kerberos IV
From: kris () CITUSC USC EDU
Date: Mon, 11 Dec 2000 17:10:42 -0800
On Mon, Dec 11, 2000 at 12:28:31AM +0200, Jouko Pynnonen wrote:
On Sun, 10 Dec 2000, Robert Watson wrote:Despite being explicitly mentioned in the advisory as an affected operating system and the statement of notification above, the FreeBSD Project was not notified in advance of the release of this advisory. WeI'd like to point out that it was OpenBSD who chose to make the vulnerabilities public at this point, which happened with an advisory and a patch they released almost three days before my Bugtraq posting came out.
As Aleph1 pointed out in other mail, the best solution is probably to cease giving advance notification to vendors who can't cooperate with the wider security community and at least try to coordinate information release. Kris
Current thread:
- Vulnerabilities in KTH Kerberos IV Jouko Pynnonen (Dec 10)
- Re: Vulnerabilities in KTH Kerberos IV Robert Watson (Dec 11)
- Re: Vulnerabilities in KTH Kerberos IV Jouko Pynnonen (Dec 12)
- Re: Vulnerabilities in KTH Kerberos IV kris (Dec 13)
- Re: Vulnerabilities in KTH Kerberos IV Jouko Pynnonen (Dec 12)
- Re: Vulnerabilities in KTH Kerberos IV Robert Watson (Dec 11)