Re: 11 years of inetd default insecurity?

From: Thamer Al-Harbash (tmh_at_whitefang.com)
Date: 09/08/03

  • Next message: 3APA3A: "Re[2]: 11 years of inetd default insecurity?"
    Date: Sun, 7 Sep 2003 21:46:28 -0400 (EDT)
    To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
    
    

    On Sat, 6 Sep 2003, 3APA3A wrote:

    > Dear bugtraq@securityfocus.com,
    >
    > Well, we all blame Microsoft in insecure default configuration... Isn't
    > it time to clean outdated code in Unix?

    This has been a known problem for quite a while. In fact
    D. J. Bernstein already solved it with tcpserver:

    http://cr.yp.to/ucspi-tcp.html

    If you look at the bottom he points out pretty much what you
    pointed out.

    -- 
    Thamer Al-Harbash
    GPG Key fingerprint: D7F3 1E3B F329 8DD5 FAE3  03B1 A663 E359 D686 AA1F
                        "HLAGHLHALUAG (KTHANX)"
    

  • Next message: 3APA3A: "Re[2]: 11 years of inetd default insecurity?"