avolio@decuac.DEC.COM (Frederick M. Avolio) (11/08/88)
No official fix has come out from Digital regarding the sendmail/fingerd worm hole (whoah!) because ULTRIX machines are not affected. ULTRIX sendmail has been compiled with the debug feature turned off and fingerd does not exist on ULTRIX. Field test systems (ULTRIX 3.0) do have these holes but FT sites were communicated with personally. ULTRIX 3.0 will not have these bugs/holes when it ships next month. Fred
mohamed@popvax.harvard.edu (Mohamed Ellozy) (11/09/88)
In article <2581@decuac.DEC.COM> avolio@decuac.DEC.COM (Frederick M. Avolio) writes: >No official fix has come out from Digital regarding the sendmail/fingerd >worm hole (whoah!) because ULTRIX machines are not affected. ULTRIX sendmail What is the status of ftpd under ULTRIX (present, Field Test and future)? Does the bug exist, and if so have users been notified? As I recall, the bug was only described in comp.bugs.4bsd.ucb-fixes, a group that is probably subscribed to by very few binary sites.
hutch@net1.ucsd.edu (Jim Hutchison) (11/09/88)
Whoa! Wakeup! DEC is not doing people a favor by not supplying them with a handy feature like debug. Cleaning up the bug/feature *in* debug is a fix, dropping the feature is creating a limitation. Hopefully this feature will come back without the bug/feature in it. /* Jim Hutchison UUCP: {dcdwest,ucbvax}!cs!net1!hutch ARPA: JHutchison@ucsd.edu These are my opinions, and now you have your perceptions of them. */
peirce@gumby.cc.wmich.edu (Leonard J. Peirce) (11/09/88)
In article <269@popvax.harvard.edu> mohamed@popvax.harvard.edu (Mohamed Ellozy) writes: >In article <2581@decuac.DEC.COM> avolio@decuac.DEC.COM (Frederick M. Avolio) writes: >>No official fix has come out from Digital regarding the sendmail/fingerd >>worm hole (whoah!) because ULTRIX machines are not affected. ULTRIX sendmail > >What is the status of ftpd under ULTRIX (present, Field Test and future)? >Does the bug exist, and if so have users been notified? As I recall, the >bug was only described in comp.bugs.4bsd.ucb-fixes, a group that is probably >subscribed to by very few binary sites. Yes, the ftpd bug does exist. Shut off anonymous FTP for the time being. I have contacted our DEC rep to see if a patch is available. -- Leonard J. Peirce Internet: peirce@gumby.cc.wmich.edu Western Michigan University peirce@gw.wmich.edu Academic Computer Center Voice: (616) 387-5469 Kalamazoo, MI 49008
decot@hpisod2.HP.COM (Dave Decot) (11/10/88)
> No official fix has come out from Digital regarding the sendmail/fingerd > worm hole (whoah!) because ULTRIX machines are not affected. ULTRIX sendmail > has been compiled with the debug feature turned off and fingerd does not > exist on ULTRIX. The same is true of HP-UX systems. Dave Decot HP