[NMLUG] Oops! Linux Bug Escapes Early

Aaron Birenboim nmlug@swcp.com
Fri, 30 Nov 2001 10:08:51 -0700

Warner Losh wrote:
> In message <3C07B7BD.8020906@spinn.net> Matt Grommes writes:
> : Also, I don't know how I feel about these "coordinated releases". To me,
> : it just gives crackers more time to exploit the holes.
> You definitely see a huge spike in penetration attempts after people
> go public with these things.  A few days is *REALLY* needed to get
> fixes in place.  Some crackers may exploit the holes in the interrum,
> but more people upgrade if the fixes are in place when the advisory is
> issued.
> I know.  I'm the former FreeBSD security officer and on the SO team.
> I'm pissed at redhat for jumping the gun, since it makes more mop up
> work for me.

I don't understand yet.  Matt makes sense to me.
Why not release a patch ASAP?

Is it that the hackers read the patch to make exploits?
Hence the hackers get the RedHat patch, ane make exploits before
most systems are fixed?

BTW...   I run FreeBSD.  Can I assume that my ftpd is free of this
hole?  (WU-ftpd claims to be BASED on *BSD's ftpd)
Aaron Birenboim | Black holes are where G-d divided
Albuquerque, NM |      by zero.
aaron@boim.com  |
boim.com/~aaron |                      -Steven Wright
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html