From owner-freebsd-security  Wed Jun 26 18:32:47 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id SAA11161
          for security-outgoing; Wed, 26 Jun 1996 18:32:47 -0700 (PDT)
Received: from zap.zap.qc.ca ([192.219.247.20])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA11156
          for <freebsd-security@freebsd.org>; Wed, 26 Jun 1996 18:32:44 -0700 (PDT)
Received: (from fortin@localhost) by zap.zap.qc.ca (8.7.5/8.7.3) id VAA14466; Wed, 26 Jun 1996 21:32:39 -0400 (EDT)
Date: Thu, 27 Jun 1996 03:32:38 +0200 (MDT)
From: Denis Fortin <fortin@zap.qc.ca>
Reply-To: fortin@acm.org
To: Brian Tao <taob@io.org>
cc: Thomas Ptacek <tqbf@enteract.com>,
        FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: How secure is FreeBSD 2.1 right after install? (fwd)
In-Reply-To: <Pine.NEB.3.92.960626194353.8402C-100000@zap.io.org>
Message-ID: <Pine.BSF.3.91.960627032249.14446A-100000@zap.zap.qc.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 26 Jun 1996, Brian Tao wrote:
> On Wed, 26 Jun 1996, Thomas Ptacek wrote:
> > 8.7.4's got exploitable problems in it... they're just not public
> > knowledge yet. People *are* running around with scripts for it.
> 
>     It's not public knowledge, yet there are people out there with
> exploit scripts.  I assume this situation came about because the holes
> haven't been fixed in 8.7.5 yet?  If they have, then there is no
> reason to publically disseminate the exploits.

8.7.5 is a very minor update over 8.7.4 that gets around a tiny bug that 
could cause network connections to hang.

If there's a hole in 8.7.4, I fully expect 8.7.5 to also exhibit it.

Denis, sigh...

PS. What this world needs is a really simple smtpd