CERT disclosure policy Re: More info regarding: std.pl, the rpc.statd linux mass rooter

[marc <marc () ZOUNDS NET>]

On 16 Dec 2000, Rainer Weikusat wrote:

> marc <marc () ZOUNDS NET> writes:
> > I've heard different things from a lot of people about this.  I do
> > not feel comfortable posting the script itself,
>
> [...]
>
> > I will take the full script and send it to CERT, who has requested a
> > copy,
>
> <URL:/http://www.kb.cert.org/vuls/html/disclosure>
>
> Fortunately, so to say...

        after reading that, it seems to me that would apply to the
vulnerability, in this case a statd vulnerability which is already well
known, but may not apply to their releasing new exploits or tools.

can anyone clarify that?


marc