Re: CERT Alert on new sendmail bug - any info?

Larry Kealey (kealeyl@Phibro.COM)
Tue, 22 Aug 1995 07:56:00 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dr. Frederick B. Cohen: "Re: CERT Alert on new sendmail bug - any info?"
Previous message: Paul Ashton: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Maybe in reply to: Dr. Frederick B. Cohen: "CERT Alert on new sendmail bug - any info?"

on Aug 21, Karl Strickland Wrote:
>After several lengthy discussions explaining the vulnerability to SUN
>(mostly to convince them that a problem actually existed), we promised
>them we would not release any exploit info until their patch was
>available (in this instance).

To him I respond:

First, Karl, This is a FULL DISCLOSURE List, secondly, as I recall my
advisory - SUN is not the only vendor OS affected. You want to make
agreements with SUN not to disclose THIER vulnerabilities until they make
a patch - fine - don't post to BUGTRAQ.

L Kealey

Next message: Dr. Frederick B. Cohen: "Re: CERT Alert on new sendmail bug - any info?"
Previous message: Paul Ashton: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Maybe in reply to: Dr. Frederick B. Cohen: "CERT Alert on new sendmail bug - any info?"