[18193] in bugtraq
Re: OpenBSD remote root
daemon@ATHENA.MIT.EDU (Emre)
Tue Dec 19 18:24:18 2000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID: <00121822132300.00955@buttercup>
Date: Mon, 18 Dec 2000 22:13:23 -0600
Reply-To: Emre <emre@SRENGINEERING.COM>
From: Emre <emre@SRENGINEERING.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001218062617.A18409@boehm.org>
On Sunday 17 December 2000 23:26, Typo Princep wrote:
> Now the funny thing is that 2 weeks have passed since the initial
> bugreport, to the openbsd bugs mailinglist, and NetBSD in the meanwhile
> seems to have put OpenBSDs bugfix into cvs.
>
> But noone has made the userbase aware of the security problems nor has any
> further discussion taken place on obsd-bugs.
From http://www.openbsd.org/plus.html:
SECURITY FIX: Fix buffer overflow in ftpd
A patch is available.
[Applied to stable]
For us, who check the daily changelog, this isn't new. I dont believe it's
OpenBSD's responsibility to notify every user of EVERY bug they fix. It's
your (the user's) responsibility to keep up with patches and such. If you
really care about your security, you should check the webpage more often.
Regards,
--
Emre Yildirim, Information Security Officer
GPG KeyID 0x92FE42F4 | http://1086362465/emre-dsa.asc
emre@SRENGINEERING.COM | emre.yildirim@US.ARMY.MIL
