Bugtraq mailing list archives
Re: Very probable remote root vulnerability in cfengine
From: David LeBlanc <dleblanc () MINDSPRING COM>
Date: Tue, 3 Oct 2000 09:28:36 -0700
At 08:48 AM 10/3/00 AEST, Shaun Clowes wrote:
The security community is in great danger of being a victim of its own sensationalism.
Reports of problems that don't really confirm an issue are like the story of the 'boy who cried wolf'. There may or may not be a wolf, but if enough times reports like this are released which turn out not to be exploitable, massive amounts of credibility (along with sysadmin sleep) are lost. Eventually it leads to advisories being ignored en masse.
This is one very good reason to work with the vendor through the reporting process. I see too many 'advisories' that are poorly researched, and being in security operations, I have to spend a lot of time to sort out exactly what the threat is or isn't. People telling me "suppose this or that is vulnerable" isn't very helpful, either.
I've also been on the other side of this one and been one of the people producing advisories - I can't think of a single issue where I had everything right in the first place - there have usually been at least minor corrections - and a couple where I found out that I was completely wrong. A cooperative vendor will tell you which bits you have right and wrong. This allows you to produce higher quality information. I'm not usually very happy to have to post "whoops - I screwed up" to 30,000 readers.
Although I can't seem to find a link to it on the security focus web site, I know they provide a service that tries to work with vendors. Russ Cooper also does the same thing for people.
If one's objective is to help make our networks more secure, then high quality information and patch availability are important.
David LeBlanc
dleblanc () mindspring com