From owner-freebsd-questions Mon Jul 26 20:34:25 1999 Delivered-To: freebsd-questions@freebsd.org Received: from allegro.lemis.com (allegro.lemis.com [192.109.197.134]) by hub.freebsd.org (Postfix) with ESMTP id 01F3F151CC for ; Mon, 26 Jul 1999 20:34:13 -0700 (PDT) (envelope-from grog@freebie.lemis.com) Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137]) by allegro.lemis.com (8.9.1/8.9.0) with ESMTP id NAA19950; Tue, 27 Jul 1999 13:02:54 +0930 (CST) Received: (from grog@localhost) by freebie.lemis.com (8.9.3/8.9.0) id NAA63024; Tue, 27 Jul 1999 13:02:53 +0930 (CST) Date: Tue, 27 Jul 1999 13:02:53 +0930 From: Greg Lehey To: Stede Bonnet Cc: freebsd-questions@FreeBSD.ORG, mediabiz@nytimes.com Subject: Re: About the security issue in NY Times Message-ID: <19990727130253.O62218@freebie.lemis.com> References: <19990727124216.M62218@freebie.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: ; from Stede Bonnet on Mon, Jul 26, 1999 at 11:06:43PM -0400 WWW-Home-Page: http://www.lemis.com/~grog X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-41-739-7062 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Monday, 26 July 1999 at 23:06:43 -0400, Stede Bonnet wrote: > On Tue, 27 Jul 1999, Greg Lehey wrote: > >> On Monday, 26 July 1999 at 22:45:10 -0400, Stede Bonnet wrote: >>> In todays Business section, an article by Sara Robinson discusses a >>> security problem apparent on UNIX OS's. >>> >>> How is that related to FreeBSD? Do I have anything to worry about, and >>> what should I do if I need to do something? >> >> I don't know. We don't get the New York Times here. What were the >> details? Is it on the web somewhere? > > I just located the 'address for comments from readers and coverage > suggestions: "mediabliz@nytimes.com" and the URL > > www.nytimes.com/business Well, for the benefit of those who don't want to first have to subscribe and look for the article, the real URL is http://www.nytimes.com/library/tech/99/07/biztech/articles/26flaw.html. It's really impolite to expect people to search for things when you know the URL, though in this case it might be possible that you wouldn't get access. In any case, here's the relevant part of the article: SAN FRANCISCO -- A leading computer security group is reporting a significant rise in potentially dangerous attacks that exploit security holes in programs shipped with the Unix operating system. The article is pretty vague about what it's talking about: The attacks primarily exploit software that manages an appointment calendar program that is shipped with Unix operating systems from makers of powerful servers, In any case, it refers to CERT (http://www.cert.org/). They have the low-down at http://www.cert.org/advisories/CA-99-08-cmsd.html. It's part of CDE, which is not supported on FreeBSD. Nothing which affects FreeBSD has been reported recently. Greg -- When replying to this message, please copy the original recipients. For more information, see http://www.lemis.com/questions.html See complete headers for address, home page and phone numbers finger grog@lemis.com for PGP public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message