[2892] in bugtraq
Re: portmapper dangers
daemon@ATHENA.MIT.EDU (Wietse Venema)
Fri Jul 5 06:25:13 1996
Date: Fri, 5 Jul 1996 05:50:03 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Wietse Venema <wietse@wzv.win.tue.nl>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199607041921.PAA18293@Collatz.McRCIM.McGill.EDU>; from "der
Mouse" at Jul 4, 96 3:21 pm
Here's a suggestion. Why not pass on my comments to "deep throat" and
ask for his or her comments?
The claimed holes (set/unset from outside, unprivileged set/unset of
privileged ports) are already adressed in version 1 of my portmapper.
This makes me very curious about "deep throat"'s evidence for holes
in my program. Especially when they are announced on a public forum.
If there is a problem in my software I will fix it. I released this
program to protect my university's systems, and I have no desire to
hide any vulnerabilities under the rug.
Wietse
