Re: 11 years of inetd default insecurity?

From: Thamer Al-Harbash (tmh_at_whitefang.com)
Date: 09/08/03

    Date: Sun, 7 Sep 2003 21:46:28 -0400 (EDT)
    To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
    
    

    On Sat, 6 Sep 2003, 3APA3A wrote:

    > Dear bugtraq@securityfocus.com,
    >
    > Well, we all blame Microsoft in insecure default configuration... Isn't
    > it time to clean outdated code in Unix?

    This has been a known problem for quite a while. In fact
    D. J. Bernstein already solved it with tcpserver:

    http://cr.yp.to/ucspi-tcp.html

    If you look at the bottom he points out pretty much what you
    pointed out.

    -- 
    Thamer Al-Harbash
    GPG Key fingerprint: D7F3 1E3B F329 8DD5 FAE3  03B1 A663 E359 D686 AA1F
                        "HLAGHLHALUAG (KTHANX)"
    
