Re: Announcement: Important

Bruce Perens (bruce@pixar.com)
Mon, 26 May 1997 20:44:00 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Joe Zbiciak: "Generic wrapper"
Previous message: Matt Carter: "Re: buffer overflow in /bin/login"
Maybe in reply to: Alan Cox: "Announcement: Important"
Next in thread: Bruce Perens: "Re: Announcement: Important"

I must agree with your lack of faith in CERT. I warned them about a
problem with the Berkeley FTP daemon code (on December 28) that would
allow someone to bypass a firewall and impersonate a user on the inside
of a network. I have yet to see any response, and the problem still
exists on many systems _other_than_Linux_, including important
government and educational sites. I informed most Linux distributions,
and they fixed the problem promptly.

Note that other CERT-like agencies, such as AUSCERT, have a much better
record of responding to Linux alerts.

Bruce Perens

Debian Project Leader

--
Bruce Perens K6BP   Bruce@Pixar.com   510-215-3502
Finger bruce@master.Debian.org for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6  1F 89 6A 76 95 24 87 B3

Next message: Joe Zbiciak: "Generic wrapper"
Previous message: Matt Carter: "Re: buffer overflow in /bin/login"
Maybe in reply to: Alan Cox: "Announcement: Important"
Next in thread: Bruce Perens: "Re: Announcement: Important"