Re: Is FreeBSD susceptible to this vulnerability?

From: Brett Glass (brett@lariat.org)
Date: 03/28/02


Date: Thu, 28 Mar 2002 12:22:38 -0700
To: David Pick <d.m.pick@qmul.ac.uk>
From: Brett Glass <brett@lariat.org>

At 07:58 AM 3/28/2002, David Pick wrote:

>The notice says it's an "information leakage" vulnerability that
>can leak information useful for otherwise unrelated brute-force
>attacks.

True. In particular, it could facilitate brute force password
guessing attacks, because it does not appear that any special
measures are taken after wrong guesses.

Claims that it's a "Back Orifice for UNIX" (cf. The Register)
are overblown, of course.

BTW, it appears that Caldera reported and fixed this years ago.
The issuers of the security notice probably dredged up the report
and began to test other UNIX implementations.

--Brett
