Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
Re: [suse-security] suse 8.0 local root exploit..
  • From: Sebastian Krahmer <krahmer@xxxxxxx>
  • Date: Mon, 12 Aug 2002 11:33:01 +0200 (CEST)
  • Message-id: <Pine.LNX.4.33.0208121131570.16624-100000@xxxxxxxxxxxxxxx>
On Sat, 10 Aug 2002, Len Rose wrote:

GOBBLES is probably monitoring the ftp servers. They probably
got to know about the bug by diffing the updated packages which
are already available for one or two days.




Sebastian

> That was the very reason we wanted full disclosure list created because
> things like this do get leaked, and if people are armed with knowledge,
> they can defend. I am sorry that the public leak may cause SuSE problems,
> I can appreciate the pressure it places on the team.
>
> I know that with the current team at SuSE we're in good hands :)
>
> Len
>
> On Sat, Aug 10, 2002 at 01:13:58PM +0200, Olaf Kirch wrote:
> > On Sat, Aug 10, 2002 at 05:22:55AM -0400, Len Rose wrote:
> > >
> > > FYI: http://lists.netsys.com/pipermail/full-disclosure/2002-August/000950.html
> >
> > We've been preparing a security update for this problem and are
> > in the process of releasing it.
> >
> > It seems this leaked somehow :-(
> >
> > Olaf
> > --
> > Olaf Kirch | Anyone who has had to work with X.509 has probably
> > okir@xxxxxxx | experienced what can best be described as
> > ---------------+ ISO water torture. -- Peter Gutmann
>
>

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@xxxxxxx - SuSE Security Team
~



< Previous Next >
References