From owner-freebsd-security  Sun Jul 22  9: 9:40 2001
Delivered-To: freebsd-security@freebsd.org
Received: from erouter0.it-datacntr.louisville.edu (erouter0.it-datacntr.louisville.edu [136.165.1.36])
	by hub.freebsd.org (Postfix) with ESMTP id 9E2AF37B403
	for <security@freebsd.org>; Sun, 22 Jul 2001 09:09:37 -0700 (PDT)
	(envelope-from keith.stevenson@louisville.edu)
Received: from osaka.louisville.edu (osaka.louisville.edu [136.165.1.114])
	by erouter0.it-datacntr.louisville.edu (Postfix) with ESMTP
	id 273153B025; Sun, 22 Jul 2001 12:09:37 -0400 (EDT)
Received: by osaka.louisville.edu (Postfix, from userid 15)
	id C56191862E; Sun, 22 Jul 2001 12:09:32 -0400 (EDT)
Date: Sun, 22 Jul 2001 12:09:32 -0400
From: Keith Stevenson <keith.stevenson@louisville.edu>
To: Kris Kennaway <kris@obsecurity.org>
Cc: security@freebsd.org
Subject: Re: telnetd root exploit
Message-ID: <20010722120932.E56521@osaka.louisville.edu>
References: <20010721144337.B90359@xor.obsecurity.org> <20010721215005.70250.qmail@web11606.mail.yahoo.com> <20010721145355.A4238@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010721145355.A4238@xor.obsecurity.org>; from kris@obsecurity.org on Sat, Jul 21, 2001 at 02:53:55PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sat, Jul 21, 2001 at 02:53:55PM -0700, Kris Kennaway wrote:
> On Sat, Jul 21, 2001 at 02:50:05PM -0700, Holtor wrote:
> > Any idea when the official advisory will be sent?
> > I don't want to think i'm patched and restart telnetd
> > only to be rooted by some lame script kiddie. Thanks
> > much.
> 
> Probably Monday.

I have a small suggestion for this and future advisories.  Could you include
which file versions are "fixed"?  For example, in addition to stating that
the problem was resolved on a certain date, also include that the fix is in
foo.c version (mumble).  It would help make certain that I am indeed patched.
(Yes, I do read the commit messages, but I've been known to miss these
things.)

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
keith.stevenson@louisville.edu
GPG key fingerprint =  332D 97F0 6321 F00F 8EE7  2D44 00D8 F384 75BB 89AE

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message