From owner-freebsd-security Thu Mar 28 11:23:46 2002
Date: Thu, 28 Mar 2002 12:22:38 -0700
To: David Pick
From: Brett Glass
Subject: Re: Is FreeBSD susceptible to this vulnerability?
Cc: security@FreeBSD.ORG

At 07:58 AM 3/28/2002, David Pick wrote:

>The notice says it's an "information leakage" vulnerability that
>can leak information useful for otherwise unrelated brute-force
>attacks.

True. In particular, it could facilitate brute force password
guessing attacks, because it does not appear that any special
measures are taken after wrong guesses. Claims that it's a
"Back Orifice for UNIX" (cf The Register) are overblown, of
course.

BTW, it appears that Caldera reported and fixed this years ago.
The issuers of the security notice probably dredged up the report
and began to test other UNIX implementations.

--Brett