[13488] in bugtraq
Re: Info on some security holes reported against SCO Unixware.
daemon@ATHENA.MIT.EDU (Brock Tellier)
Fri Jan 21 19:55:03 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20000121172707.22946.qmail@nwcst290.netaddress.usa.net>
Date: Fri, 21 Jan 2000 11:27:07 CST
Reply-To: Brock Tellier <btellier@USA.NET>
From: Brock Tellier <btellier@USA.NET>
X-To: Aaron Sigel <aarons@SCO.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
Aaron Sigel <aarons@SCO.COM> wrote:
> Greetings,
>
> Recent Bugtraq posts have exposed security holes with a couple
> packages distributed with SCO's Skunkware CD. These packages
> are:
> majordomo (wrapper, resend)
> orion (pis, mkpis)
>
> These issues are security holes in the distributed versions of these
> packages, and are not SCO security holes.
No, I was doing a UnixWare audit, which, as far as I know, does not include
the Skunkware CD. Even if it does, I'm sure I didn't install it on top of the
normal UW CD install. If these applications are from the Skunkware distro and
were merely included on the UW installation CD's, the user is never notified
that they are installing "unsupported", possibly insecure software. From an
end-user perspective, it doesn't make any difference that these programs are
insecure but not written by SCO.
Brock Tellier
UNIX Systems Administrator
Chicago, IL, USA
btellier@usa.net
____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1
