Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!fub!tmpmbx!scuzzy!src
From: src@scuzzy.in-berlin.de (Heiko Blume)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <1991Feb13.220753.1387@scuzzy.in-berlin.de>
Date: 13 Feb 91 22:07:53 GMT
References: <KR3NBQQ@dobag.in-berlin.de> <1991Feb11.184130.11321@jwt.UUCP> <1991Feb12.052336.29639@motcad.portal.com>
Organization: Contributed Software
Lines: 20

jtc@motcad.portal.com (J.T. Conklin) writes:

>In article <1991Feb11.184130.11321@jwt.UUCP> john@jwt.UUCP (John Temples) writes:
>>Now, the question is, what do we do to protect ourselves in the meantime?

>If I remember correctly, Sun Microsystems sent out a fixed version of 
>sendmail to its customer base free of charge the week after the Internet
>Worm Attack.  I see no reason why we should expect less from the i386
>UNIX vendors.  In my opinion, any vendor that doesn't respond to this
>problem with the attention it is due, doesn't deserve to be in business.

especially considering the fact that they tell you (implicitly) in the release
notes that there is THE security problem in all 2.0.2 systems
and how to fix it in 2.2, only that they didn't mention that you
need a math co for it to work. the WORST feature ever!
-- 
      Heiko Blume <-+-> src@scuzzy.in-berlin.de <-+-> (+49 30) 691 88 93
                    public source archive [HST V.42bis]:
        scuzzy Any ACU,f 38400 6919520 gin:--gin: nuucp sword: nuucp
                     uucp scuzzy!/src/README /your/home