[53364] in North American Network Operators' Group
Re: new bind vuln
daemon@ATHENA.MIT.EDU (Barney Wolff)
Wed Nov 13 00:48:26 2002
Date: Wed, 13 Nov 2002 00:46:28 -0500
From: Barney Wolff <barney@tp.databus.com>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: nanog@merit.edu
In-Reply-To: <20021113050604.270A27B68@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
This does beg the question (not that I hold *you* responsible!)
why the advisory had to come out before the patch. Does anyone
know whether the news had escaped to the blackhats? Otherwise
I cannot understand the rationale.
Barney
On Wed, Nov 13, 2002 at 12:06:04AM -0500, Steven M. Bellovin wrote:
>
> CERT said that the ISS advisory was to be released on 13 November, and
> that the patch would be available from ISC next week. There was no
> indication about when CERT itself was going to issue an advisory, but
> clearly someone said something a day earlier than had been expected.
>
> --Steve Bellovin, http://www.research.att.com/~smb (me)
> http://www.wilyhacker.com ("Firewalls" book)
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
