Re: Addendum to Rpcbind Advisory

Alfred Huger (ahuger@SILENCE.SECNET.COM)
Wed, 30 Jul 1997 16:36:05 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kragen Sitaker: "Re: request-route"
Previous message: John Macdonald: "Re: request-route"
Maybe in reply to: Secure Networks Inc: "Addendum to Rpcbind Advisory"
Next in thread: Wietse Venema: "REPOST: Re: Addendum to Rpcbind Advisory"

> In the future, I'd appreciate it if SNI would contact me, the
> author, before announcing a possible loophole in my source code.
> Oh, and my first name is Wietse, not Wieste.
>
> Wietse
>

Our apoligies, our first advisory actually stated that your replacement
portmap did not have the problem. The addendum was posted after we
received mail from Casper Dik on the 7th of this month. In his mail he
indicated to us that you had been notified that your software was
vulnerable to the problem. Obviously the fault is ours in that we did not
contact you ourselves. Had we further known that you were recovering from
eye surgery we would not have made the post until you had recovered.

As to the spelling mistake on your name, our apologies there as well.

-Al Huger

/*************************************************************************
Alfred Huger Phone: 403.262.9211
Secure Networks Inc. Fax: 403.262.9221
**************************************************************************/

Next message: Kragen Sitaker: "Re: request-route"
Previous message: John Macdonald: "Re: request-route"
Maybe in reply to: Secure Networks Inc: "Addendum to Rpcbind Advisory"
Next in thread: Wietse Venema: "REPOST: Re: Addendum to Rpcbind Advisory"