On Fri, 29 May 1998, Joe Harrington wrote:

> Unfortunately, neither the CERT advisory nor Red Hat's Errata site
> stated in clear language a layman can understand that this bug was an
> external root security hole, and many therefore did not consider it
> very serious.  There are lots of internal security holes that give

Well, part of the problem is that, as remote-root exploits go, it ISN'T
very serious.  Relatively few people run named in the first place, and of
those, relatively few of them enable fake-iquery (which is not all that
useful anyway).  But a larger percentage of Red Hat systems seem to have
fake-iquery enabled; maybe it was by default in 4.x.  (What about 5.0?)

> root access, but external risk is rarer.  A statement should accompany
> each security patch indicating the kind of risk the patch avoids.  If

That's a good idea.


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.
