Date: Tue, 19 Mar 2002 09:56:11 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
Cc: security@FreeBSD.ORG
Subject: Re: TCP connections on broadcast address - why no advisory?
Message-ID: <20020319155611.GB44569@hellblazer.nectar.cc>
In-Reply-To: <785082402.20020319134231@internethelp.ru>
References: <785082402.20020319134231@internethelp.ru>

On Tue, Mar 19, 2002 at 01:42:31PM +0300, Nickolay A. Kritsky wrote:
> Hello, freebsd-security.
>
> On Bugtraq I have read a report by Crist J. Clark about TCP
> connections on broadcast address. It can be found on
> http://online.securityfocus.com/archive/1/262733 . In this advisory
> I've read the following:
>
> <quote>
> I committed changes to FreeBSD 5-CURRENT on February 25th (CVS
> revision 1.148) and to 4-STABLE on February 28th (revision
> 1.107.2.21). After discussion with the FreeBSD security-officer@ team,
> these changes will not be incorporated into the RELENG_4_{3,4,5}
> security-fix branches nor will an advisory be released.
> </quote>
>
> Why will no advisory be released?

Because the fix will not be incorporated into the security fix
branches, and in general we don't make changes to those branches
without an advisory.

It was not incorporated into the security fix branches, because this
is more a theoretical problem rather than a real risk. As with the
weak IS versus strong IS debate, it seems that only systems with
already broken security policies would be affected. In other words, I
believe this bug affects none of our user community.

This doesn't mean that Crist's post to BUGTRAQ is not interesting ---
it is, and well-written, too! --- it just didn't pass the taste test
for an important security fix.

> What if I wasn't subscribed to
> BUGTRAQ? How would I know about this bug? Maybe I missed something.
> Sorry then.

How do you know about any bugs?

Cheers,
--
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message