Path: utzoo!utgpu!attcan!uunet!husc6!rutgers!elbereth.rutgers.edu!ron.rutgers.edu!ron
From: ron@ron.rutgers.edu (Ron Natalie)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Getting Vendors To Fix Bugs
Message-ID: <Nov.10.08.46.34.1988.10857@ron.rutgers.edu>
Date: 10 Nov 88 13:46:36 GMT
References: <2120@kalliope.rice.edu>
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 10

I don't know why you say that.  Many of the infected sites had source
for sendmail.  As a matter of fact, we had done some local modifications
to it and were mildly familiar with the code and we were still hit.
We were still hit after I had ripped out all the ifdef DEBUG code out
of an earlier release of sendmail due to an even more BLATENT security
bug that the one recently divulged.  We got a new release with the earlier
bug fixed and people figured that we didn't need to go to the effort of
ripping all that stuff out again.

-Ron