At least you can't use CERT's advisory to crack root on a site, and wipe out important files; 8lgm's advisories were, and in fact are being used for those purposes as well. ---- End Included Message ---- Well, I for one, as a net admin/COMPSECO would rather see HOW a cracker can get root on my machines, versus CERT saying "Well, they can, we know how, and here's who to talk to to get the patch, but they won't tell you the way it works." CERT is good for announcements and industry-wide stuff, but I'd prefer 8lgm to CERT in terms of quality info and fixes. Besides, it's not like the information is secret, people WILL find out. Why not post it early on so's we can defend against such an attack? Information can be used for both honorable and dishonorable purposes. Our task is to know the difference. My two cents, flames send to /dev/null. :) rf