oss-sec mailing list archives

Re: Re: Some fun with tcp_wrappers

From: Tomas Hoger <thoger () redhat com>
Date: Tue, 28 Apr 2009 11:22:53 +0200

Hi Steve!

On Fri, 24 Apr 2009 19:10:11 -0400 (EDT) "Steven M. Christey"
<coley () linus mitre org> wrote:

Given last week's round of discussion on this list and related
commentary in Red Hat 491095, I still don't know how to write up
CVE-2009-0786. Should we focus it on the hosts_ctl() usage in the
Fedora version of tcp_wrappers?


Given Wietse's (original upstream author) comments, original behavior
is intended one, so 0786 should be rejected.  We're not adding the
change as security fix to the product versions where it's not included
already.

Thank again to Wietse for his comments!

-- 
Tomas Hoger / Red Hat Security Response Team

Current thread:

Re: Re: Some fun with tcp_wrappers, (continued)
- - - Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 15)
    - Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 15)
    - Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 15)
    - Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 15)
    - Re: Re: Some fun with tcp_wrappers Steven M. Christey (Apr 15)
    - Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 16)
    - Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 16)
    - Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 16)
    - Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 16)
    - Re: Re: Some fun with tcp_wrappers Steven M. Christey (Apr 24)
    - Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 28)
    - Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 16)
    - Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 16)