The 'Security Digest' Archives (TM)


ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #226 [getting action] (1 message, 975 bytes)


From: Paul A Vixie <>
To: phage
Date: Thu 01:52:54 10/11/1988 EST
Subject: getting action

Someone on this list, I can't say who without his permission, just told me:

# We discovered the hole in fingerd a few months ago (as a result of
# one of our students discovering it first)  and I reported it to
# Berkeley, but they didn't seem very interested.  So I guess it takes
# a major disaster like this to get any action on getting things
# fixed.

To which I add:

Yes, it does.  This is one reason _among_several_ why I recommend strongly
that the source (original preferred, disassembled if that's all we have)
to the worm be distributed to the Whole World.  Not all vendors (not all
users!) will take it seriously unless they see lawsuits on the horizon
("and we intend to prove that the defendant shipped this operating system
KNOWING it had well-known security flaws!")

We need to wait a month or so, but we damned well need to distribute it.

This next part was very interesting -- who wants to go look?

# rcp has a similar vulnerability - at least I know it fills a buffer
# without checking for overflow, and our kiddies were playing with it.
# I don't know if they were successful in using it to crack a system.

I've got a routed(8) to teach about dynamic point-to-point interfaces
tonight, and I haven't got time to go poking into rcp or rcpd.  But I'd
like to exploit the parallelism of this list -- can someone else go and
poke at it and let us know what you find?