Full Disclosure mailing list archives
The last word on the Linux Slapper worm
From: vdongen () hetisw nl (vdongen)
Date: Thu, 26 Sep 2002 11:30:14 +0200
As I've pointed out elsewhere, patching old versions without changing the version number is so stupid it leaves me boggling. But I guess in future I'll write into advisories: "warning - your vendor may be such a moron that you can't tell whether you are vulnerable or not by the version number, so I advise building from source or switching to a vendor with a clue".
I have to disagree on this, the way debian patches the current versions of the stable distribution is a good thing in my opinion. Instead of upgrading the software, they backport the fixes in the current version. This prevents getting new problems with compatibility and such when inplementing new versions. New versions of a certain package mosty require updates of other packages and/or rewriting config files. which is something that requires lots of testing before applying on a production machine. Which is time you mostly don't have when a problem is found. Greetings, Ivo van Dongen
Yeah, I know they bump some other number that if you know what you are doing will indicate whether you are vulnerable. Obviously its impossible for that information to get into the advisory. In short, I don't see what you expect us to do about this, except to try to get vendors to behave sensibly. Cheers, Ben.
Current thread:
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 23)
- <Possible follow-ups>
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 23)
- The last word on the Linux Slapper worm Ron DuFresne (Sep 23)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 25)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 25)
- The last word on the Linux Slapper worm Ben Laurie (Sep 26)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 25)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 26)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 26)
- The last word on the Linux Slapper worm vdongen (Sep 26)
- The last word on the Linux Slapper worm Ben Laurie (Sep 26)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 26)
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 26)
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 26)
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 26)
- The last word on the Linux Slapper worm Mike Tone (Sep 26)