From owner-freebsd-security Wed Jun 26 9:44:22 2002
Date: Wed, 26 Jun 2002 12:44:01 -0400 (EDT)
From: Matt Piechota
To: Brett Glass
Cc: Mike Tancsa, Darren Reed
Subject: Re: The "race" that Theo sought to avoid has begun (Was: OpenSSH Advisory)
In-Reply-To: <4.3.2.7.2.20020626101626.02274c80@localhost>
Message-ID: <20020626123728.G7517-100000@cithaeron.argolis.org>

On Wed, 26 Jun 2002, Brett Glass wrote:

> Theo made a worthy attempt to minimize harm (which should be the goal of
> any security policy). It's a shame that ISS sought the spotlight instead
> of doing the same.

ISS has shown itself with this and the Apache vulnerabilities last week to happily screw the maintainers of projects for its own benefit. It seems at least this time they bothered to give the OpenSSH team a little notice. Of course, I don't track the skiddie world, so ISS's report may be a reaction to a released exploit for this bug. I'd like to give them the benefit of the doubt, but their past actions make that difficult.

Although I will admit that knowing now has saved my vacation plans for next week (as with many others in the US, I'm sure) so I'm not entirely unhappy to find out that I'm safe for the moment.

--
Matt Piechota