[4587] in bugtraq
Re: Announcement: Important
daemon@ATHENA.MIT.EDU (Bruce Perens)
Tue May 27 04:32:06 1997
Date: Mon, 26 May 1997 20:44:00 PDT
Reply-To: Bruce Perens <bruce@pixar.com>
From: Bruce Perens <bruce@PIXAR.COM>
X-To: florian@knorke.saar.de, heiko@unifix.de, security@debian.org,
rf@lst.de, mark@wgs.com, adam@yggdrasil.com,
security@caldera.com, bs@suse.de, ewt@redhat.com, Alan Cox
<alan@cymru.net>
To: BUGTRAQ@NETSPACE.ORG

I must agree with your lack of faith in CERT. I warned them about a
problem with the Berkeley FTP daemon code (on December 28) that would
allow someone to bypass a firewall and impersonate a user on the inside
of a network. I have yet to see any response, and the problem still
exists on many systems _other_than_Linux_, including important
government and educational sites. I informed most Linux distributions,
and they fixed the problem promptly.

Note that other CERT-like agencies, such as AUSCERT, have a much better
record of responding to Linux alerts.

Bruce Perens
Debian Project Leader
--
Bruce Perens K6BP Bruce@Pixar.com 510-215-3502
Finger bruce@master.Debian.org for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6 1F 89 6A 76 95 24 87 B3