Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock

From: Olaf Kirch (okirat_private)
Date: Wed Aug 25 1999 - 03:05:32 PDT

Next message: Jonathan A. Zdziarski: "Re: Security Bug in Oracle"

Previous message: Michael K. Johnson: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Next in thread: Chris Butler: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote:
> I'm really angry

So am I.

Did you ever think of contacting Linux distribution maintainers before
making these things public, especially if they have as much impact
as a remotable hole in wu-ftpd?

I'm all for full disclosure intellectual property bla bla bla, but
just unloading a pile of shit on other people's doorsteps is NOT
what I would call in any way cooperative.

Olaf

PS: The wu-ftpd hole seems to apply _only_ to the VR series, and 2.5.
I checked 2.4beta17 from WU, and it didn't have any of that mapped_path
stuff.
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okirat_private  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okirat_private    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.

Next message: Jonathan A. Zdziarski: "Re: Security Bug in Oracle"
Previous message: Michael K. Johnson: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Next in thread: Chris Butler: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:19 PDT