lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 17 Feb 2007 17:20:41 -0500
From: "Cromar Scott" <SCromar@...ton.com>
To: <bugtraq@...urityfocus.com>
Subject: Re: Solaris telnet vulnberability - how many on your network?

I have to wonder if the "old bug" complaints are coming in reference to
one of the following:

http://www.securityfocus.com/bid/3064/info
http://www.securityfocus.com/bid/5531/info

I know that my initial reaction was "haven't I seen this before?" but
the above two are what I found in my notes when I looked back.

(Note that the second of the two is reported to actually reference a
problem with login and not in.telnetd.)

--Scott


-----Original Message-----
From: greimer@...c.edu [mailto:greimer@...c.edu] 
Sent: Friday, February 16, 2007 4:55 PM
To: Anthony R. Nemmer
Cc: jf; thefinn12345@...il.com; bugtraq@...urityfocus.com
Subject: Re: Solaris telnet vulnberability - how many on your network?

>
> Let's taper off this thread.  It's getting downright boring.
>
> Thanks,
> Anthony Nemmer
>
 	We are kind of going around and around, but there's a couple of 
aspects to this that haven't even been talked about:

1) This seems like a case of "old code" somehow creeping back in to the 
current versions, and that's a phenomenon I've seen happen at a couple
of 
different places that I've worked at over the years. It's kind of a 
special case of version control gone bad, and I'm interested in how that

can happen and how to watch out for it.

1a) People have said that this bug was in old versions of SunOS/Solaris 
(and AIX I think) but nobody ever nailed down exactly when this was
fixed, 
versionwise. In fact, did anybody reproduce this in anything other than 
Solaris 10? It'd be nice to know the last old version that has the bug,
& 
the 1st that doesn't.

2) Does this have anything to do with the OpenSolaris effort? Like are 
people pulling in code from other sources?

Yours,

(George) Kurt Reimer
Fox Chase Cancer Center
 
 
 
 

This message may contain information that is confidential or privileged.  
If you are not the intended recipient, please advise the sender immediately
and delete this message.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ