Bugtraq mailing list archives

Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x


From: ben () ITAUDIT COM AU (Benjamin Smee)
Date: Mon, 30 Aug 1999 11:35:24 +1000


At 12:05 PM 25/08/99 +0200, you wrote:
> On Sun, Jul 04, 1999 at 01:38:48PM +0200, Michal Zalewski wrote:
>> I'm really angry
>
> So am I.
>
> Did you ever think of contacting Linux distribution maintainers before
> making these things public, especially if they have as much impact
> as a remotable hole in wu-ftpd?
>
> I'm all for full disclosure intellectual property bla bla bla, but
> just unloading a pile of shit on other people's doorsteps is NOT
> what I would call in any way cooperative.

Hello,

Once again this issue raises its head. Why do all the developers who read 
the list believe that they should be informed before everyone else? The 
hole existed and was being exploited, at least Michal gave all the users 
who were using Wu-ftp the opportunity to do something about it BEFORE the 
developers put out their patches. Not everyone believes in the inform the 
vendor first motto that seems to be increasingly prevalent in Bugtraq. When 
are the vendors going to realise this and learn to deal with it?

regards,

Benjamin Smee
Senior Computer Security Consultant
Fingerprint: 4574 41AD D801 1533 455C  E5F8 79C4 CEF1 AED8 58C1

___________________________
IT Audit & Consulting (ITAC) Pty Ltd
                        ben () itaudit com au
                            

