Path: utzoo!utgpu!watmath!clyde!att!rutgers!mit-eddie!husc6!hscfvax!popvax!mohamed
From: mohamed@popvax.harvard.edu (Mohamed Ellozy)
Newsgroups: news.sysadmin
Subject: Re: A fix for ftpd
Keywords: ftpd
Message-ID: <271@popvax.harvard.edu>
Date: 17 Nov 88 14:41:58 GMT
References: <696@iraun1.ira.uka.de> <2978@ci.sei.cmu.edu>
Reply-To: mohamed@popvax.UUCP (R06400@Mohamed Ellozy)
Organization: Health Sciences Computing Facility, Harvard University
Lines: 15

In article <2978@ci.sei.cmu.edu> pdb@sei.cmu.edu (Patrick Barron) writes:
>
>The "official" fix was posted in comp.bugs.4bsd.ucb-fixes a couple of weeks
>ago.
>

Has any expletive deleted vendor done anything official about it? Or is
it just tough luck for sites that run UNIX and do not follow the net?

On the same topic, has any vendor sent fixes to the bugs that the worm
exploited to ALL users via paper mail?

The real lesson from the worm and ftpd is that vendors are not doing a
very good job. I have found tftpd enabled on two probably plain vanilla
out of the box Sun 386i's. And so on and so forth.