[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.64.0702161644340.4499@lisa.fccc.edu>
Date: Fri, 16 Feb 2007 16:55:24 -0500 (EST)
From: greimer@...c.edu
To: "Anthony R. Nemmer" <intertwingled@...st.net>
Cc: jf <jf@...glingpointers.net>, thefinn12345@...il.com,
bugtraq@...urityfocus.com
Subject: Re: Solaris telnet vulnberability - how many on your network?
>
> Let's taper off this thread. It's getting downright boring.
>
> Thanks,
> Anthony Nemmer
>
We are kind of going around and around, but there's a couple of
aspects to this that haven't even been talked about:
1) This seems like a case of "old code" somehow creeping back in to the
current versions, and that's a phenomenon I've seen happen at a couple of
different places that I've worked at over the years. It's kind of a
special case of version control gone bad, and I'm interested in how that
can happen and how to watch out for it.
1a) People have said that this bug was in old versions of SunOS/Solaris
(and AIX I think) but nobody ever nailed down exactly when this was fixed,
versionwise. In fact, did anybody reproduce this in anything other than
Solaris 10? It'd be nice to know the last old version that has the bug, &
the 1st that doesn't.
2) Does this have anything to do with the OpenSolaris effort? Like are
people pulling in code from other sources?
Yours,
(George) Kurt Reimer
Fox Chase Cancer Center
Powered by blists - more mailing lists