SecurityFocus

11 years of inetd default insecurity? Sep 06 2003 02:08PM
3APA3A (3APA3A SECURITY NNOV RU) (5 replies)

Re: 11 years of inetd default insecurity? Sep 09 2003 05:17PM
Darren Pilgrim (dmp bitfreak org)

Re: 11 years of inetd default insecurity? Sep 08 2003 11:24PM
Dan Harkless (bugtraq harkless org)

Re: 11 years of inetd default insecurity? Sep 08 2003 05:50PM
Mike Tancsa (mike sentex net) (1 replies)

Re: 11 years of inetd default insecurity? Sep 09 2003 02:07PM
Jonathan A. Zdziarski (jonathan nuclearelephant com) (1 replies)

Re: 11 years of inetd default insecurity? Sep 10 2003 06:47PM
Greg A. Woods (woods weird com)

Re: 11 years of inetd default insecurity? Sep 08 2003 01:46AM
Thamer Al-Harbash (tmh whitefang com) (1 replies)

On Sat, 6 Sep 2003, 3APA3A wrote:

> Dear bugtraq (at) securityfocus (dot) com [email concealed],
>
> Well, we all blame Microsoft in insecure default configuration... Isn't
> it time to clean outdated code in Unix?

This has been a known problem for quite a while. In fact
D. J. Bernstein already solved it with tcpserver:

http://cr.yp.to/ucspi-tcp.html

If you look at the bottom he points out pretty much what you
pointed out.

--
Thamer Al-Harbash
GPG Key fingerprint: D7F3 1E3B F329 8DD5 FAE3 03B1 A663 E359 D686 AA1F
"HLAGHLHALUAG (KTHANX)"

[ reply ]

Re: 11 years of inetd default insecurity? Sep 08 2003 07:44PM
Dan Stromberg (strombrg dcs nac uci edu) (1 replies)

Re: 11 years of inetd default insecurity? Sep 10 2003 06:40AM
Andres Kroonmaa (andre online ee)

Re: 11 years of inetd default insecurity? Sep 07 2003 09:59PM
Dagmar d'Surreal (dagmar wants nospam com) (1 replies)

Re: 11 years of inetd default insecurity? Sep 08 2003 10:46PM
Mike Hoskins (mike adept org)