Bugtraq mailing list archives
Re: SN 4.0 huge security hole
From: tiemann () CYGNUS COM (Michael Tiemann)
Date: Wed, 13 May 1998 17:21:40 -0700
Your message has been received, understood, and a technical fix has been implemented and is being tested. We have disabled ftp downloads of SN-Lite for all platforms, and have already formulated a fix. We are contacting CERT to post a proper advisory and fix. I would ask that in the future, you follow proper security notification protocol, which is to attempt to contact the vendor with such problems first, so that immediate action can be taken to resolve the problem before widely exposing the vulnerability. You should reserve public exposure for the rare cases that the vendor ignores your warning. As it is, you have probably induced several enterprising crackers to attempt to exploit this vulnerability in the few hours it will take us to re-spin all the software, and thus you are the one who would be liable for any mis-use of this bug. Please direct your followups to myself, not the lists that I have ack'd your message to. Thanks, Michael Tiemann
Current thread:
- Re: SN 4.0 huge security hole Michael Tiemann (May 13)