Bugtraq mailing list archives
[Fwd: [Fwd: BUGTRAQ Digest - 1 Feb 1999 to 2 Feb 1999 (#1999-30)]]
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Thu, 4 Feb 1999 20:26:42 +0000
This is a multi-part message in MIME format. --------------162582D455F4AE63B21D4367 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I've been asked for the fix for Irix's nsd. Here's what the man said. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi --------------162582D455F4AE63B21D4367 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Received: from mailgate.algroup.co.uk (mailgate-fw.algroup.co.uk [192.168.254.5]) by freeby.ben.algroup.co.uk (8.6.12/8.6.12) with SMTP id TAA29509 for <ben () freeby ben algroup co uk>; Thu, 4 Feb 1999 19:19:59 GMT Received: (qmail 27584 invoked by uid 1002); 4 Feb 1999 19:19:37 -0000 Delivered-To: aldigit-ben () algroup co uk Received: (qmail 15545 invoked from network); 4 Feb 1999 19:19:37 -0000 Received: from eastwood.aldigital.algroup.co.uk (194.128.162.193) by mailgate.algroup.co.uk with SMTP; 4 Feb 1999 19:19:37 -0000 Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id TAA15768 for <ben () algroup co uk>; Thu, 4 Feb 1999 19:19:36 GMT Message-ID: <36B9F2C8.9FED9106 () algroup co uk> Date: Thu, 04 Feb 1999 19:19:36 +0000 From: Adam Laurie <adam () algroup co uk> Organization: A.L. Group plc X-Mailer: Mozilla 4.07 [en] (Win95; I) MIME-Version: 1.0 To: Ben Laurie <ben () algroup co uk> Subject: Re: [Fwd: BUGTRAQ Digest - 1 Feb 1999 to 2 Feb 1999 (#1999-30)] References: <36B9E4F8.28D3374B () algroup co uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit They're in the Irix 6.5.3 overlays, which were released a few days ago. They wouldn't tell me exactly what the exploit was, but the "fix" is to only allow the NFS to be mounted locally (whether they've done this sensibly or not I couldn't say, but I'll be installing the overlays on monday, so Watch This Space(tm)). cheers, Adam Ben Laurie wrote:
Do we? Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi ------------------------------------------------------------------------ Subject: Re: BUGTRAQ Digest - 1 Feb 1999 to 2 Feb 1999 (#1999-30) Date: Thu, 04 Feb 1999 12:53:05 -0500 From: Valdis.Kletnieks () vt edu To: Ben Laurie <ben () ALGROUP CO UK> CC: BUGTRAQ () NETSPACE ORG References: <19990203000741Z70265-9984+1008 () brimstone netspace org> <36B83C58.4EC1B2E1 () jaleo idecnet com> <36B888C5.633F0F77 () algroup co uk> On Wed, 03 Feb 1999 17:35:01 GMT, you said:Speaking of which, we've been more than a little alarmed by the new dsn "security feature" which opens ports all over the place and exports stuff with NFS and generally does horrible stuff, but you can't switch it off if you want DNS (say SGI)! There's already a patch out for it, which hasn't been noted here, AFAIK, BTW.Do you have an SGI patch or bug number handy for this? I am not finding any hits on 'nsd' or '/usr/sbin/nsd' in SupportFolio Online.. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech ------------------------------------------------------------------------ Part 1.2.1.2 Type: application/pgp-signature
-- Adam Laurie Tel: +44 (181) 742 0755 A.L. Digital Ltd. Fax: +44 (181) 742 5995 Voysey House Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam () algroup co uk UNITED KINGDOM PGP key on keyservers --------------162582D455F4AE63B21D4367--
Current thread:
- [Fwd: [Fwd: BUGTRAQ Digest - 1 Feb 1999 to 2 Feb 1999 (#1999-30)]] Ben Laurie (Feb 04)