[kbelanger () logicon ca: [VulnWatch] vuln in login under solaris]

[len () netsys com (Len Rose)]

This isn't a known issue. There is no such bug. 

This is about fake advisories being approved by moderators. If the
only value of moderation is to weed out "other stuff" then the delays that
vuln-watch incurs rather frequently aren't worth the cost overhead in time.

Referring back to the technical merits of that advisory in particular,
something this blatant is readily checked in 5 minutes. Sun would never
have something of this nature so badly broken. This is in fact, /bin/login
and the bulk of that code is probably older than most people around today.

A fake advisory of this nature tends to devalue the overall reliabiliy 
of a list's information especially if it's moderated.

Len


On Thu, Sep 05, 2002 at 05:59:09PM -0600, Steve wrote:
> Len,
>
> Yes, the list is moderated as in we only approve messages that are actual
> vulnerability announcements and not "other stuff" (for other stuff see;
> http://lists.netsys.com/pipermail/full-disclosure/).
>
> It is not the jobs of the moderators to take the time and verify each vuln
> report as it will slow down the flow of the list and the moderators are only
> human and can make mistakes just like everyone else.
>
> It has also been discussed on VulnDiscuss that this isn't really a
> vulnerability in the first place and is a known "issue"/limitation.  This in
> my opinion is the whole point of the discussion list - to weed out the crap
> in a public forum -- almost like peer review.
>
>
> Regards;
>
> Steve Manzuik
> Moderator - VulnWatch
> Moderator - VulnDiscuss
> www.vulnwatch.org

[snipped]