Subject: Re: Vulnerabilities in KTH Kerberos IV
From: krisCITUSC.USC.EDU
Date: Mon Dec 11 2000 - 19:10:42 CST


On Mon, Dec 11, 2000 at 12:28:31AM +0200, Jouko Pynnonen wrote:
> On Sun, 10 Dec 2000, Robert Watson wrote:
>
> > Despite being explicitly mentioned in the advisory as an affected
> > operating system and the statement of notification above, the FreeBSD
> > Project was not notified in advance of the release of this advisory. We
>
> I'd like to point out that it was OpenBSD who chose to make the
> vulnerabilities public at this point, which happened with an advisory and
> a patch they released almost three days before my Bugtraq posting came
> out.

As Aleph1 pointed out in other mail, the best solution is probably to cease
giving advance notification to vendors who can't cooperate with the wider
security community and at least try to coordinate information release.

Kris