Date:      Fri, 17 May 1996 22:17:57 +1000
From:      Danny Smith <danny@auscert.org.au>
To:        Vladimir Jojic <vjojic@eunet.yu>
Cc:        freebsd-security@freebsd.org
Subject:   Re: very bad 
Message-ID:  <199605171217.WAA11280@amethyst.auscert.org.au>
In-Reply-To: Your message of "Fri, 17 May 1996 12:09:30 +0200." <199605171009.MAA00475@EUnet.yu>

Vladimir Jojic writes:

> What IS very bad about this whole thing, isn't existence of this bug,
> as much as how easily information about it can be obtained. Even if 
> you do send patch along with info, there is still danger that someone
> gets up earlier than root, and then ... (sweat dreams, root!)

> > You know though, for ones this bad I'd really rather you sent the
> > message to security-officer@freebsd.org rather than freebsd-security
> > in the future.  There are easily over 1000 people on this list and you
> > just announced a cookbook method for any shell account user to go root
> > on a FreeBSD based ISP box; hardly the kind of information one would
> > want to see widely circulated without a prepared fix, at the
> > least. :-(

Another unfortunate part is that it is approaching midnight in Australia
(and it is now past midnight in New Zealand) at the start of the weekend.
Posting vulnerability information like this has not helped any system
administrators if they are all home for the weekend.  All it has done
is increase the exposure of their systems to attack by more people.

I personally don't think that is helping anyone at all.

Danny Smith.

==========================================================================
 Danny Smith                      |  Fax:    +61 7 3365 4477
 AUSCERT                          |  Phone:  +61 7 3365 4417
 c/- Prentice Centre              |  (answered during business hours)
 The University of Queensland     |  (on call after hours for emergencies)
 Qld.  4072.  Australia           |  Internet:  auscert@auscert.org.au

Standard Disclaimer:  My opinions do not necessarily reflect the policy
                      of AUSCERT or The University of Queensland.


