Full Disclosure mailing list archives
Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
From: Nigel Houghton <nigel () sourcefire com>
Date: Wed, 17 Sep 2003 10:13:46 -0400 (EDT)
Around Yesterday kernelclue () hushmail com said:

k :OpenSSH runs on a number of platforms, Windows included. To say this
k :reflects on GNU/Linux or any Linux distro is just nonsense.

I don't think that's the point. Hopefully he's complaining in a humorous manner about the number of notices sent to the list from various vendors each time they fix a port/package or any other issue with the os.

I too get annoyed with these people, they should run their own security notifications/announcements lists and inform their users they should sign up to get notified of fixes/updates. Why any of them should need to spam this list is beyond me, I have never seen an official M$ or *BSD security update mail sent here. It's not just this list either, they send to quite a number, Bugtraq being a prime example.

I would prefer they cease this practice, it would cut down on noise.

Now after contributing to the noise on the list, I'll shut up now.

k :
k :On Tue, 16 Sep 2003 11:29:30 -0700 Dave Monk <dave () themaneater com> wrote:
k :>Recent security advisories featuring the operating system known as
k :>'GNU/Linux' (formerly minix) has had a negative effect on the
k :>listserv.
k :>
k :>The problem stems from the polymorphic, virus-like phenomenon also
k :>known as the 'Linux distro', the Linux distro allows any single
k :>permutation of a base Linux install (such as location of the mail
k :>spool) to actually qualify and require an entire new operating
k :>system distribution. At this point in time there are over 50
k :>distros out there.
k :>
k :>The cascade failure effect is that the minute a hole or flaw in a
k :>base Linux subsystem such as the kernel or system tools immediately
k :>causes a flood of 'vendor' emails sent to bugtraq describing each
k :>way to disable/upgrade the broken feature on their OS.
k :>
k :>The effect is that the 'signal to stupid-linux-bug ratio' on the
k :>lists gets completely out of whack thereby diluting the utility
k :>of the list.
k :>
k :>Solutions:
k :>
k :> None. (how do you expect to stop a tidal wave of suicidal VC money?)
k :>
k :>Workarounds:
k :>
k :>1) All advisories should be filtered through RMS, which would achieve
k :> the desired effect of delaying their posting indefinitely.
k :>2) All such advisories should be prefixed by '[YASLB]' in the subject line
k :> (yet another stupid linux bug) so I can filter this stupid crap.
k :>
k :>thanks,
k :>everyone
k :>
k :>
k :>bugzilla () redhat com (bugzilla () redhat com) wrote:
k :>> -----BEGIN PGP SIGNED MESSAGE-----
k :>> Hash: SHA1

-------------------------------------------------------------
Nigel Houghton
Security Research Engineer
Sourcefire Inc. Vulnerability Research Team

"Mankind hasn't even got the technology to create a toupee that doesn't get big laughs." -- Lister

Message dated: Sep 17

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html