[11569] in bugtraq
Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Sat Aug 28 22:05:21 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990825120532.A19025@monad.swb.de>
Date: Wed, 25 Aug 1999 12:05:32 +0200
Reply-To: Olaf Kirch <okir@MONAD.SWB.DE>
From: Olaf Kirch <okir@MONAD.SWB.DE>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl>; from Michal
Zalewski on Sun, Jul 04, 1999 at 01:38:48PM +0200
On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote:
> I'm really angry
So am I.
Did you ever think of contacting Linux distribution maintainers before
making these things public, especially if they have as much impact
as a remotable hole in wu-ftpd?
I'm all for full disclosure intellectual property bla bla bla, but
just unloading a pile of shit on other people's doorsteps is NOT
what I would call in any way cooperative.
Olaf
PS: The wu-ftpd hole seems to apply _only_ to the VR series, and 2.5.
I checked 2.4beta17 from WU, and it didn't have any of that mapped_path
stuff.
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
