[2227] in bugtraq
Livingston bugs...
daemon@ATHENA.MIT.EDU (Jay 'Whip' Grizzard)
Tue Sep 12 16:39:40 1995
Date: Tue, 12 Sep 1995 10:58:01 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: "Jay 'Whip' Grizzard" <elfchief@lupine.org>
X-To: bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
I saw the "pmcrash" program, but I never saw the commentary on it that
was supposedly sent before the exploit was sent. Anyone know the details
of how it works? (other than the obvious explenation provided by reading
the source...)
I talked to livingston via email, they indicated that this problem
has already been fixed for the "portmaster" products, but that for
other products (the IRX routers, etc), a fix would be present in
_the next major release of the software_. Given that livingston has just
done a major release of their software, I wonder how long it's going to
be until I can get fixed software.
I, personally, can't understand such a passive attitude on the part of
Livingston -- I personally would call a bug where you can crash virtually
anyone's network connection, from virtually anywhere in the world, to be
a major bug. Maybe it's just me...
ObBugTraq: Apparently (at least, under limited testing), putting up a filter
to prevent folks from getting to your login port from the outside world
will protect you -- Except I don't _want_ to have to start filtering things
out, and in some circuimstances (backbone routers, etc), it's not exactly
a viable option. Do YOU want to have the bandwith of several T1's all
running through a filter before they get off the router? No, thanks...
Sigh.
McDonalds looks more and more tempting as a place of employment...
-WW
