in.telnetd
Roger Gonzalez
rg at msel.unh.edu
Mon Apr 1 03:54:55 AEST 1991
In article <14471 at life.ai.mit.edu> fidelio at geech.gnu.ai.mit.edu (Rob J. Nauta) writes:
>About three weeks ago I wrote a program that listens along with in.telnetd
>and manages to read the username and password by using some tricks.
>I sent the program to SUN and CERT, who have rushed out new versions
>for SunOS. But apart from a 'we have received your mail and will forward it
>to someone' absolutely no news, mail, nothing about this.
>So, I want to know, what's up ? Has anyone heard anything ?
>
>Greetings, Rob
I got a notification from CERT about it and patches were put in uunet's
sun-dist directory, among other places. This brought to light one of my
chief beefs about CERT: they just say that there is a hole, and where to
get something to fix it. I get queasy when CERT says "quick - go
replace your in.telnetd" without any explanation of where the hole is.
To get on the CERT mailing list, you're supposed to be root at a site,
but I see CERT bulletins posted all over the net! What's the point in
having a semi-secure list to find out about security holes when all you
get is a watered down alert that gets posted -everywhere-?
Harumph.
--
"The question of whether a computer can think is no more interesting
than the question of whether a submarine can swim" - Edsger W. Dijkstra
rg@[msel|unhd].unh.edu | UNH Marine Systems Engineering Laboratory
r_gonzalez at unhh.bitnet | Durham, NH 03824-3525