From owner-freebsd-security Mon Feb 3 05:10:49 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA27725 for security-outgoing; Mon, 3 Feb 1997 05:10:49 -0800 (PST)
Received: from enteract.com (root@enteract.com [206.54.252.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA27718 for ; Mon, 3 Feb 1997 05:10:41 -0800 (PST)
Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id HAA26121; Mon, 3 Feb 1997 07:10:17 -0600 (CST)
From: "Thomas H. Ptacek"
Message-Id: <199702031310.HAA26121@enteract.com>
Subject: Re: Critical Security Problem in 4.4BSD crt0
To: proff@suburbia.net
Date: Mon, 3 Feb 1997 07:09:35 -0600 (CST)
Cc: tqbf@enteract.com, security@freebsd.org
Reply-To: tqbf@enteract.com
In-Reply-To: <19970203125327.8353.qmail@suburbia.net> from "proff@suburbia.net" at Feb 3, 97 11:53:27 pm
X-Mailer: ELM [version 2.4 PL24 ME8a]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Sometimes vague hints in unrelated messages is all you get ;)

Thanks, Proff! =)

> by the time I got around to doing FreeBSD security reviews the
> problem had disappeared of its own accord.

The problem's not gone. The problem's nowhere near gone. There are tons of 2.1.5 and 2.1.6 systems on the net. As long as the distributions remain on the FreeBSD FTP servers, they should be kept secure. A problem that renders every single program on the system vulnerable is serious regardless of which revision it affects. Neh?

Thanks.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"I'm standing alone, I'm watching you all, I'm seeing you sinking."