Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Jan 2001 16:51:07 -0800
From:      Jason DiCioccio <Jason.DiCioccio@Epylon.com>
To:        'Trevor Johnson' <trevor@jpj.net>, security@freebsd.org, security-officer@freebsd.org, Berend de Boer <berend@pobox.com>
Subject:   RE: CERT advisory:  "Interbase Server Contains Compiled-in Back D oor Account"
Message-ID:  <657B20E93E93D4118F9700D0B73CE3EA024385@goofy.epylon.lan>
next in thread | raw e-mail | index | archive | help 
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C07B68.94F71590
Content-Type: text/plain;
	charset="iso-8859-1"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can any users of this package confirm if they actually knew about
this backdoor account?  I don't see how a backdoor account accidently
makes its way into a database package like this.  If this was
undocumented/unknown, I would have to assume it might have been
intentional from someone working on the project perhaps?  I do not
use this database package, so I can't accuse anyone or any company of
this, but it's hard to imagine a 'backdoor account' making it's way
in the source otherwise.  I guess we'll have to wait for a Borland
advisory.

My .02 cents
- -JD-

- -------
Jason DiCioccio
Evil Genius
Unix BOFH

mailto:jasond@epylon.com

415-593-2761          Direct & Fax
415-593-2900          Main

Epylon Corporation
645 Harrison Street, Suite 200
San Francisco, CA 94107
www.epylon.com

BSD is for people who love Unix -
Linux is for people who hate Microsoft


- -----Original Message-----
From: Trevor Johnson [mailto:trevor@jpj.net]
Sent: Wednesday, January 10, 2001 4:40 PM
To: security@freebsd.org; security-officer@freebsd.org; Berend de
Boer
Subject: CERT advisory: "Interbase Server Contains Compiled-in Back
Door
Account"


The advisory is at http://www.cert.org/advisories/CA-2001-01.html . 
The
way I read it, ports/databases/interbase4 is likely to be affected.
- -- 
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>;

iQA/AwUBOl0D51CmU62pemyaEQIGvACfbSM7MG/0gIDhJ3Fg2H3r7cERreQAni31
AZprugMdEMqVJZCJ7MqdDBab
=ShAU
-----END PGP SIGNATURE-----



------_=_NextPart_000_01C07B68.94F71590
Content-Type: application/octet-stream;
	name="Jason DiCioccio.vcf"
Content-Disposition: attachment;
	filename="Jason DiCioccio.vcf"

BEGIN:VCARD
VERSION:2.1
N:DiCioccio;Jason
FN:Jason DiCioccio
ORG:epylon.com;operations
TITLE:UNIX ADMIN
ADR;WORK:;;645 Harrison St;San Francisco;CA;94107;usa
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:645 Harrison St=0D=0ASan Francisco, CA 94107=0D=0Ausa
EMAIL;PREF;INTERNET:Jason.DiCioccio@Epylon.com
REV:19990105T135529Z
END:VCARD

------_=_NextPart_000_01C07B68.94F71590--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?657B20E93E93D4118F9700D0B73CE3EA024385>