[21815] in bugtraq
Re: telnetd exploit code
daemon@ATHENA.MIT.EDU (aleph1@securityfocus.com)
Tue Jul 24 14:49:43 2001
Date: Tue, 24 Jul 2001 12:23:18 -0600
From: aleph1@securityfocus.com
To: Sebastian <scut@nb.in-berlin.de>
Cc: cami <camis@mweb.co.za>, vulnwatch@vulnwatch.org,
vuln-dev@securityfocus.com, PEN-TEST@securityfocus.com,
bugtraq@securityfocus.com
Message-ID: <20010724122318.W21994@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010724173756.A5574@nb.in-berlin.de>; from scut@nb.in-berlin.de on Tue, Jul 24, 2001 at 05:37:56PM +0200
* Sebastian (scut@nb.in-berlin.de) [010724 09:38]:
> I do not know who let this posting through, but I think something went
> seriously wrong here.
>
> What do the mailing list administrators do here, letting a confidential
> source code with full copyright and confidentiality header intact through a
> public mailing list. The Bugtraq mailing list was especially noted as
> example even in the header, which should not be allowed to disclose this.
>
> Although a lot of Bugtraq readers might not agree with me here, I think
> there is a right under which I can deny the disclosure of this source code.
> Call it privacy, call it copyright, I do not care about its name.
Sebastian is correct. It was an error to approve the message given he
clearly stated in the comments he did not wish it distributed. For
that I apologize.
That being said, it been quite obvious that for a while now that this
exploit is being shared in the underground and has been used actively
to break into systems. Better control of exploits one does not wish
to see distributed may be called for.
> Oh, and another odd thing, there is no X-Approved-By: this time in the
> post, I wonder why. Do you know ?
The X-Approved-By header was inserted by LISTSERV. We been using ezmlm,
which does not insert the header, for a while now.
> ciao,
> -scut
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
