[12501] in bugtraq


Re: FreeBSD 3.3's seyon vulnerability

daemon@ATHENA.MIT.EDU (Bill Fumerola)
Tue Nov 9 14:53:47 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.10.9911091155320.54276-100000@jade.chc-chimes.com>
Date:         Tue, 9 Nov 1999 11:57:30 -0500
Reply-To: Bill Fumerola <billf@CHC-CHIMES.COM>
From: Bill Fumerola <billf@CHC-CHIMES.COM>
X-To:         Brock Tellier <btellier@USA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19991109035038.4631.qmail@www0h.netaddress.usa.net>

On Mon, 8 Nov 1999, Brock Tellier wrote:

> In preparing for this advisory release, I checked for "seyon" vulnerabilities
> in the bugtraq archives.  I found that the exploit I had developed had already
> been discussed in May 1997.  However, this does not change the fact that the
> current version of FreeBSD still ships a vulnerable version with vulnerable
> privs.  I believe this is still worth noting.  Here is my advisory as it was
> to be published before the previous vulnerability came to light.

<not speaking on behalf of FreeBSD>

It would be nice if you:

(a) filed a pr using send-pr(1) or the web interface
or
(b) contacted security-officer@FreeBSD.org
or
(c) sent mail to the maintainer of the port

to provide some sort of fighting chance before mailing Bugtraq. I'm
a huge bugtraq/full-disclosure advocate, but I also believe in giving
a group a fighting chance to fix it first.

Thanks,

--
- bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org  -
