From owner-freebsd-commit  Sun Aug  6 18:05:19 1995
Return-Path: commit-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.11/8.6.6) id SAA27724
          for commit-outgoing; Sun, 6 Aug 1995 18:05:19 -0700
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.11/8.6.6) id SAA27687
          for cvs-libexec-outgoing; Sun, 6 Aug 1995 18:02:34 -0700
Received: from haywire.DIALix.COM (haywire.DIALix.COM [192.203.228.65])
          by freefall.cdrom.com (8.6.11/8.6.6) with ESMTP id SAA27679
          ; Sun, 6 Aug 1995 18:02:21 -0700
Received: (from peter@localhost)
          by haywire.DIALix.COM (8.7.Beta.11/8.7.Beta.11/DIALix) id JAA00546;
          Mon, 7 Aug 1995 09:01:37 +0800 (WST)
Date: Mon, 7 Aug 1995 09:01:36 +0800 (WST)
From: Peter Wemm
To: Wolfram Schneider
cc: Paul Traina, "Jordan K. Hubbard", CVS-commiters@freefall.cdrom.com,
    cvs-libexec@freefall.cdrom.com
Subject: Re: cvs commit: src/libexec/getty gettytab.5 main.c
In-Reply-To: <199508062344.BAA07154@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: commit-owner@FreeBSD.org
Precedence: bulk

On Mon, 7 Aug 1995, Wolfram Schneider wrote:

>
> Paul Traina writes:
> >This is pretty bogus (IMO). This is absolutely positively NOT the sort of
> >information you want to present to a user before they've logged in.
>
> You know this famous program called 'sendmail'?
>
> $ telnet localhost smtp
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220-localhost Sendmail 8.6.9/8.6.9 ready at Mon, 7 Aug 1995 01:39:45 +0200
>                        ^^^^^^^^^^^Version                            ^^^TZ/country/law
> 220 ESMTP spoken here
>     ^^^protocol
>
> Wolfram

Yes, this is unfortunate. Even Satan knows how to scan for the version
numbers of known-vulnerable sendmails, and I've seen a few programs that
some of our wannabe-elite-cracker type users have left behind after being
dispatched.. Let's just say that some of the heuristics about trying to
deduce vulnerabilities from the 220-signon were interesting.. :-)

Adding a special pseudo-domain-name to "named" was on the cards for a
while too. eg: dig @hostname VERSION. TXT - but this was eventually
dropped too for security reasons.. Most older named's have spoofing
problems, and the 4.9.0 and 4.9.2 series have their own problems. Even
4.9.3 <= beta18 has problems with accepting bogus data as authoritative,
potentially being exploitable. Sigh.

Having this sort of information is nice, provided that it's kept away from
the public, or you're prepared to upgrade at the very second that a hole is
found, and the fix becomes available.

-Peter
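
Added example, not part of the original message: a Python check a mail administrator could run over a captured greeting from their own server to see which of the three items marked in the quoted telnet session (version, timezone, protocol) it discloses. The function names, the regular expressions and the second greeting are assumptions made for illustration.

```python
import re

# Greeting copied from the telnet session quoted in the message above.
PAGE_GREETING = (
    "220-localhost Sendmail 8.6.9/8.6.9 ready at Mon, 7 Aug 1995 01:39:45 +0200\r\n"
    "220 ESMTP spoken here\r\n"
)
# Constructed for comparison: a greeting that names no product or version.
QUIET_GREETING = "220 mail.example.org ESMTP\r\n"

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# Heuristics (assumptions): "Name 1.2.3[/1.2.3]", a "+hhmm" offset, protocol word.
CHECKS = {
    "version": re.compile(r"\b[A-Za-z][A-Za-z-]*\s+\d+(?:\.\d+)+(?:/\d+(?:\.\d+)+)?"),
    "utc_offset": re.compile(r"(?<!\S)[+-]\d{4}\b"),
    "protocol": re.compile(r"\b(?:ESMTP|SMTP)\b"),
}

def parse_greeting(raw):
    """Split a multi-line SMTP reply into (code, [text, ...]), validating it."""
    lines = raw.splitlines()
    if not lines:
        raise ValueError("empty greeting")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes inside one reply")
        code = m.group(1)
        # "-" marks a continuation line; only the final line uses a space.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        texts.append(m.group(3))
    return code, texts

def audit_greeting(raw):
    """Return {item: disclosed text} for each item the 220 greeting reveals."""
    code, texts = parse_greeting(raw)
    if code != "220":
        raise ValueError(f"expected a 220 greeting, got {code}")
    joined = " ".join(texts)
    found = {name: m.group(0) for name, rx in CHECKS.items() if (m := rx.search(joined))}
    return found

if __name__ == "__main__":
    for label, raw in (("page", PAGE_GREETING), ("quiet", QUIET_GREETING)):
        print(label, audit_greeting(raw))
```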