-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can any users of this package confirm if they actually knew about
this backdoor account? I don't see how a backdoor account accidently
makes its way into a database package like this. If this was
undocumented/unknown, I would have to assume it might have been
intentional from someone working on the project perhaps? I do not
use this database package, so I can't accuse anyone or any company of
this, but it's hard to imagine a 'backdoor account' making it's way
in the source otherwise. I guess we'll have to wait for a Borland
advisory.

My .02 cents
- -JD-

- -------
Jason DiCioccio
Evil Genius
Unix BOFH

mailto:jasondepylon.com

415-593-2761 Direct & Fax
415-593-2900 Main

Epylon Corporation
645 Harrison Street, Suite 200
San Francisco, CA 94107
www.epylon.com

BSD is for people who love Unix -
Linux is for people who hate Microsoft

- -----Original Message-----
From: Trevor Johnson [mailto:trevorjpj.net]
Sent: Wednesday, January 10, 2001 4:40 PM
To: securityfreebsd.org; security-officerfreebsd.org; Berend de
Boer
Subject: CERT advisory: "Interbase Server Contains Compiled-in Back
Door
Account"

The advisory is at http://www.cert.org/advisories/CA-2001-01.html .
The
way I read it, ports/databases/interbase4 is likely to be affected.
- --
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOl0D51CmU62pemyaEQIGvACfbSM7MG/0gIDhJ3Fg2H3r7cERreQAni31
AZprugMdEMqVJZCJ7MqdDBab
=ShAU
-----END PGP SIGNATURE-----


• application/octet-stream attachment: Jason_DiCioccio.vcf

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]