From owner-freebsd-questions  Mon Jul 26 20:34:48 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from arutam.inch.com (ns.inch.com [207.240.140.101])
	by hub.freebsd.org (Postfix) with ESMTP id C378615230
	for <freebsd-questions@FreeBSD.ORG>; Mon, 26 Jul 1999 20:34:42 -0700 (PDT)
	(envelope-from freyes@inch.com)
Received: from your-name (freyes.static.inch.com [207.240.212.43])
	by arutam.inch.com (8.9.3/8.8.5) with SMTP id XAA06264;
	Mon, 26 Jul 1999 23:34:23 -0400 (EDT)
Message-Id: <199907270334.XAA06264@arutam.inch.com>
From: "Francisco Reyes" <freyes@inch.com>
To: "Greg Lehey" <grog@lemis.com>,
	"Stede Bonnet" <stede@dgriffin.org>
Cc: "dutch@charm.net" <dutch@charm.net>,
	"freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Date: Mon, 26 Jul 1999 23:34:54 -0400
Reply-To: "Francisco Reyes" <freyes@inch.com>
X-Mailer: PMMail 98 Professional (2.01.1600) For Windows 98 (4.10.1998)
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: About the security issue in NY Times
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 27 Jul 1999 12:42:16 +0930, G
wrote:

>On Monday, 26 July 1999 at 22:45:10 -0400, Stede Bonnet wrote:
>> In todays Business section, an article by Sara Robinson discusses a
>> security problem apparent on UNIX OS's.
>> How is that related to FreeBSD?  

>Is it on the web somewhere?

http://search.nytimes.com/books/search/bin/fastweb?getdoc+cyber-lib+cybe
r-lib+13579+0+wAAA+unix

Requires a free subscription to the Online NY Times

One significant paragraphs is:

>The attacks primarily exploit software that manages an appointment
>calendar program that is shipped with Unix operating systems from
>makers of powerful servers, including Sun Microsystems Inc. and
>Hewlett-Packard Co. Sun has already released a patch for the problem,
>and Hewlett-Packard plans to do so soon, according to CERT. 


There is also a mention of a program which checks for known holes, but
this is not new. There are been programs like this for a while. (i.e.
Satan)

Probably the most significant paragraph is:
>Though patches for the previously identified bugs have been available for
>some time, many system administrators have not yet applied them. 

Doesn't really seem like these are new bugs, just that they have been
recently been used by crackers in a larger scale than before.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message