Date: Thu, 28 Mar 2002 12:22:38 -0700 From: Brett Glass <brett@lariat.org> To: David Pick <d.m.pick@qmul.ac.uk> Cc: security@FreeBSD.ORG Subject: Re: Is FreeBSD susceptible to this vulnerability? Message-ID: <4.3.2.7.2.20020328121638.035b4100@nospam.lariat.org> In-Reply-To: <E16qbLv-0004xx-00@xi.css.qmw.ac.uk> References: <Your message of "Thu, 28 Mar 2002 07:31:03 MST." <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 07:58 AM 3/28/2002, David Pick wrote: >The notice says it's an "information leakage" vulnerability that >can leak information useful for otherwise unrelated brute-force >attacks. True. In particular, it could facilitate brute force password guessing attacks, because it does not appear that any special measures are taken after wrong guesses. Claims that it's a "Back Orifice for UNIX" (cf The Register) are overblown, of course. BTW< It appears that Caldera reported and fixed this years ago. The issuers of the security notice probably dredged up the report and began to test other UNIX implementations. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20020328121638.035b4100>