Your message has been received, understood, and a technical fix has been implemented and is being tested. We have disabled ftp downloads of SN-Lite for all platforms, and have already formulated a fix. We are contacting CERT to post a proper advisory and fix. I would ask that in the future, you follow proper security notification protocol, which is to attempt to contact the vendor with such problems first, so that immediate action can be taken to resolve the problem before widely exposing the vulnerability. You should reserve public exposure for the rare cases that the vendor ignores your warning. As it is, you have probably induced several enterprising crackers to attempt to exploit this vulnerability in the few hours it will take us to re-spin all the software, and thus you are the one who would be liable for any mis-use of this bug. Please direct your followups to myself, not the lists that I have ack'd your message to. Thanks, Michael Tiemann
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:26 PDT