[plug] in case anyone wasn't aware.. CERT advisory [ BIND ]

Christian christian at amnet.net.au
Tue Nov 14 14:38:34 WST 2000


On Tue, Nov 14, 2000 at 02:23:09PM +0800, Bret Busby wrote:
 
> > those that are are probably mostly professional admins who should be on
> > their vendors security mailing list anyway (as a bare minimum).
> 
> And, bugtraq, and, especially the CERT mailing list, shouldn't they, as
> a matter of course?

Well, bugtraq is quite a high-traffic list so I wouldn't expect the
majority of people to want to subscribe (assuming that they would
understand most of it).  CERT is mostly just too damn slow to be of any
real use -- plus CERT advisories etc. get posted to bugtraq (as well as
other lists... *grin*)

My advice would be to definitely be on the vendor's security list as
well as Ollie's suggestion of checking, say, Linux Weekly News once a
week.
 
> "Aargh!" says he, having recently got Star Office 5.2 running on his
> 6x86 with 32MB RAM (It thinks it can, it thinks it can, it thinks it
> can...). (However, on a mainly single-user system, it is not so much a
> threat, unless someone is able to obtain unauthorised access to the
> system)

Yeah, it doesn't affect all users.

> As you are responsible for the notification of the vulnerability (as
> opposed to being responsible for the vulnerability), should the fix be
> done, as a security action, regardless of using Star Office?

I would recommend that $TMPDIR and $TMP be set to point to a safe location
on all systems regardless of how many users there are on it.  It will
solve the StarOffice soffice.tmp problem as well as (potentially)
countless others.
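
Added example, not part of the original message: one way to give each user a private temporary directory and point $TMPDIR and $TMP at it from a login script. The function name setup_private_tmp and the default path $HOME/tmp are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: give each user a private temp directory and point
# TMPDIR/TMP at it, instead of the shared, world-writable /tmp.
# The default location "$HOME/tmp" is an assumption; any path that only
# the user can write to will do.

setup_private_tmp() {
    dir="${1:-$HOME/tmp}"

    # Refuse a symlink: it may have been pointed somewhere else.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi

    # Create it with owner-only permissions if it does not exist yet.
    if [ ! -e "$dir" ]; then
        (umask 077 && mkdir -p "$dir") || return 1
    fi

    # It must be a directory owned by the current user.
    if [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
        echo "refusing: $dir is not a directory owned by $(id -un)" >&2
        return 1
    fi

    # Tighten permissions in case it already existed with a looser mode,
    # then confirm the result before trusting it.
    chmod 700 "$dir" || return 1
    perms=$(ls -ld "$dir" | cut -c1-10)
    if [ "$perms" != "drwx------" ]; then
        echo "refusing: $dir has mode $perms" >&2
        return 1
    fi

    TMPDIR="$dir"
    TMP="$dir"
    export TMPDIR TMP
}

# Typical use from ~/.profile:
#   setup_private_tmp "$HOME/tmp" || echo "warning: TMPDIR not changed" >&2
```

Programs that ignore $TMPDIR and $TMP and hard-code /tmp are not helped by this.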



