On Wed, 26 Jun 2002 at 5:44pm (-0700), David Talkington wrote: > Matthew Melvin wrote: > > >And all this was done with the knowledge that there was a live exploit > >out in the wild for this. > > That's the first I've heard of that. Can you support it? As I've said, > this condition would absolutely tilt my position toward yours.
The ISS notice said... "X-Force is aware of active exploit development for this vulnerability." ... which I'll admit intially misread as saying there was active exploitation so I guess I have to step back from my assertion that they knew of an exploit. But reading between the lines (this is after all an ISS release) I'm not sure that they didn't. But the general feel of openssh-dev and the fact that the promised security announcement is 4 or 5 days early suggest their hand was forced. My 'favorite' comment is from Ben Lindstrom ... "Say thank you to who ever leaked the expliot. Next track them down and cut their hands off." ... as I'd happily wield the knife. :) M. -- WebCentral Pty Ltd Australia's #1 Internet Web Hosting Company Level 5, 100 Wickham St. Network Operations - Systems Engineer PO Box 930, Fortitude Valley. phone: +61 7 3249 2557 Queensland, Australia 4006. pgp key id: 0x900E515F _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
