Firewalls: Re: Sun sendmail vulnerability

Firewalls
(October 1993)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Sun sendmail vulnerability
From:	woods @ ncar . UCAR . EDU (Greg Woods)
Date:	Fri, 22 Oct 93 11:22:07 MDT
To:	lkn @ llnl . gov (Leland K. Neely)
Cc:	firewalls @ greatcircle . com
In-reply-to:	<9310221621 . AA07468 @ mycroft . GreatCircle . COM>; from "Leland K. Neely" at Oct 22, 93 9:25 am

> Please refrain from disclosing bug particulars on an email list.
> 
> All we need is to have hackers get the inside poop on a hole faster
> than we can patch it.
> 

OK, here's one: we don't run Sun's sendmail, we run an older Berkeley
version. How am I supposed to find out if our system is vulnerable also
unless I can find out more about the bug? It seems to me that if, as
the CERT announcement states, the hole is ALREADY being widely exploited,
concerns about hackers finding out how to exploit it should take a back
seat to helping the guys in the white hats close the hole.

--Greg

Follow-Ups:

Re: Sun sendmail vulnerability
From: scott @ forge . tandem . com (Scott Hazen Mueller)
Re: Sun sendmail vulnerability
From: Aydin Edguer <edguer @ alpha . CES . CWRU . Edu>

References:

Re: Sun sendmail vulnerability
From: Leland K. Neely <lkn @ llnl . gov>

Indexed By Date	Previous:	Re: Sun sendmail vulnerability From: Tom Fitzgerald <fitz @ wang . com>
Indexed By Date	Next:	Sun sendmail hole From: reh @ cs . UMD . EDU (Richard Huddleston)
Indexed By Thread	Previous:	Re: Sun sendmail vulnerability From: Tom Fitzgerald <fitz @ wang . com>
Indexed By Thread	Next:	Re: Sun sendmail vulnerability From: Aydin Edguer <edguer @ alpha . CES . CWRU . Edu>