administrativa: dupes

16 Aug 2000

      Hi together,

some people have reported that they get some older messages from this 
list again for the second time (mails from my address were among them). 

There is no way for me to tell how this happens because the mails aren't
being delivered through our list engine.

There is a chance that this phenomenon is connected to the mail (quoted
below) that came through bugtraq on Tuesday, sent by an individual named
Matthias Kaempf. It's a mail from Thomas Biege with headers cut off,
hopelessly outdated because the original was sent a few months ago.

My reply to it (forwarded without quotes below) on bugtraq hasn't been
approved (yet) by Elias Levy, bugtraq's moderator - I've made some
assumptions on the origin of the maverick mail.

If you have received such a dupe and read this mail before 1200MET on
Thursday (I'll have enough of them by then...), please forward it to me,
including _all_ header lines. I hope this helps to pin down the culprit.

Thanks,
Roman.
-- 
 -                                                                      -
| Roman Drahtmüller       //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -

---------- Forwarded message ----------
From: Roman Drahtmueller 
To: BUGTRAQ@securityfocus.com
Date: Tue, 15 Aug 2000 20:00:49 +0200 (MEST)
Subject: Re: [suse-security-announce] makewhatis bug

This is indeed messy. 

Thomas' comment on makewhatis is some months old, and this mail is a
result of either 

* poor scripting or
* MTAs that still can't distinguish btw header and envelope.
* error btw kbd and chair

We've seen several mails like this on our contact address lately, but we
didn't expect them to show up in a public forum.

Aleph, it was sent after my reply.

Thanks,
Roman.
-- 
 -                                                                      -
| Roman Drahtmüller       //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -

On Mon, 14 Aug 2000, Matthias Kaempf wrote:
...
From: Matthias Kaempf 
To: BUGTRAQ@securityfocus.com
Date: Mon, 14 Aug 2000 20:02:08 +0200
Subject: [suse-security-announce] makewhatis bug
Hi,
a few days ago a /tmp race condition bug in the makewhatis program was
posted on bugtraq.
We are NOT vulnerable by this bug, because we use different code, which
doesn't touch /tmp in a unsecure way.
Bye,
     Thomas
--
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: thomas@suse.de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
   Key fingerprint = 09 48 F2 FD 81 F7 E7 98  6D C7 36 F1 96 6A 12 47
--
To unsubscribe, e-mail: suse-security-announce-unsubscribe@suse.com
For additional commands, e-mail: suse-security-announce-help@suse.com