The following was stated by mikeaat_private: > SCO is working on investigating and fixing the recent > vulnerabilities reported here (namely the 19 buffer > overflows, Xt and lpr exploits). We will have a patch > for OpenServer 5.0.5 in two weeks, which will be available > from http://www.sco.com/security/. I want to point out that it has been four weeks since this post and not a single thing has changed on the URL above. However, on the BUGTRAQ side of things several more exploits for Openserver 5.0.5 have been posted as well as a Unixware 7.1 exploit. (Thank you Brock for all the work you've done to help improve SCO's security) Although there have been several posts by people knowledgeable about SCO saying that work is being done, there are no new patches available on their website. I realize that fixing this many issues takes time, but since time is of the essence in keeping systems secure, couldn't incremental fixes or workarounds be released (ala hotfixes)? Those of us who have to support SCO systems would certainly appreciate it. Four weeks really should be enough time to at least post a message saying those people who do not need to be using SCO Doctor or some other such Skunkware utility should uninstall it until patches can be made. Not all of us in support want to wait six months for the next release supplement to fix problems critical to our systems. -- Jon Mitchell Systems Engineer, Subject Wills and Company jrmat_private -- These views are mine and should not be attributed to my employer --
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:09 PDT