Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!uunet!fub!dobag.in-berlin.de!lumpi
From: lumpi@dobag.in-berlin.de (Joern Lubkoll)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <5A5NKHK@dobag.in-berlin.de>
Date: 12 Feb 91 22:51:45 GMT
References: <KR3NBQQ@dobag.in-berlin.de> <1991Feb11.184130.11321@jwt.UUCP> <1991Feb12.052336.29639@motcad.portal.com>
Organization: Dobag Computer Systems Berlin
Lines: 20

jtc@motcad.portal.com (J.T. Conklin) writes:
>In article <1991Feb11.184130.11321@jwt.UUCP> john@jwt.UUCP (John Temples) writes:
>>In article <KR3NBQQ@dobag.in-berlin.de> lumpi@dobag.in-berlin.de (Joern Lubkoll) writes:
>>>it seems that your very cute interactive unix System has a nice bug !
>>
>>Yikes.  This also works on ESIX-D without a coprocessor, and on ISC 2.0.2
>>*with* a coprocessor.  It failed on Microport 2.2 with a coprocessor.
>>
>>Now, the question is, what do we do to protect ourselves in the meantime?
>If I remember correctly, Sun Microsystems sent out a fixed version of 
>sendmail to its customer base free of charge the week after the Internet
>Worm Attack.  I see no reason why we should expect less from the i386
>UNIX vendors.  In my opinion, any vendor that doesn't respond to this
>problem with the attention it is due, doesn't deserve to be in business.
so mote it be ... says me :-)

jl

-- 
lumpi@dobag.in-berlin.de  --  "Nothing is the complete absence of everything."