From owner-freebsd-questions Fri Jul 12 21:13:29 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA05369 for questions-outgoing; Fri, 12 Jul 1996 21:13:29 -0700 (PDT) Received: from gdi.uoregon.edu ([128.223.186.250]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id VAA05364 for ; Fri, 12 Jul 1996 21:13:27 -0700 (PDT) Received: (from dwhite@localhost) by gdi.uoregon.edu (8.6.12/8.6.12) id VAA00770; Fri, 12 Jul 1996 21:13:47 -0700 Date: Fri, 12 Jul 1996 21:13:47 -0700 (PDT) From: Doug White Reply-To: dwhite@resnet.uoregon.edu To: Annelise Anderson cc: freebsd-questions@freebsd.org Subject: Re: CERT FreeBSD ppp Advisory--Distribution? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Thu, 11 Jul 1996, Annelise Anderson wrote: > CERT has distributed an advisory on a security problem with user ppp, > information provided by FreeBSD, Inc. Although I'm subscribed to the > USENET group comp.security.announce (and it's there), I actually heard > about it from my system administrator. If anyone is interested, you can view the bulletin at the following URL: ftp://info.cert.org/pub/cert_advisories/cert_bulletins/VB-96.11.freebsd Basically take the suid bit off of ijppp until you patch it. This requires the superuser to set up connections. > I would think such information ought to be available rather widely to > people subscribed to various freebsd mailing lists, not just security, > and should be on the freebsd home page as well. The mailing list suggested would be the best stop for security information. Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major