---
26 Nov 00 Full exploit sent to rich.boren_at_compaq.com, AusCERT and USyd
contacts
27 Nov 00 Receive acknowledgement, promises "to update you ... by mid
week (29th or 30th)"
4 Dec 00 After prompting on 30 Nov, says "engineering ... have not
had the chance to get through with their review/analysis"
10 Dec 00 Workaround posted to bugtraq (cc rich.boren): not approved by aleph1
12 Dec 00 Workaround posted to tru64-unix-managers, comp.unix.tru64 and
comp.security.unix (cc rich.boren_at_compaq.com), see
http://www.ornl.gov/its/archives/mailing-lists/tru64-unix-managers/2000/12/msg00171.html
http://www.ornl.gov/its/archives/mailing-lists/tru64-unix-managers/2000/12/msg00172.html
12 Dec 00 Get phone call from mark.menkhus_at_compaq.com (prompted by bugtraq
post, only knows about /sbin/it not rmtmpfiles), has trouble
reproducing the problem
15 Dec 00 Bug ID assigned:
"SSRT1-45U: a problem with /sbin/it, it.items and a possible root compromise".
"SSRT1-41U: a problem with rmtmpfiles"
Also note:
"SSRT1-40U: a problem with /bin/sh and it's temp files follow symlinks".
23 Jan 01 After prompting, says "We are beginning the first set of
underlying changes in the initial phase ..."
3 Feb 01 After prompting, says "engineers are testing the fixes to the
shell scripts and modified libraries for all the tmpfile issues,
bin/sh and ksh (mkdir, etc.....). ... working this diligently"
13 Feb 01 Says "status has not changed much ... working this diligently"
27 Feb 01 Says "status has not changed a great deal ... working this diligently"
Received on Tue Feb 27 2001 - 21:15:05 NZDT
This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:41 NZDT