[Full-disclosure] Solaris telnet vulnberability - how many on your network?
djm at mindrot.org
Wed Feb 14 21:15:26 GMT 2007
On Tue, 13 Feb 2007, Gadi Evron wrote:
> We all agree it is not a very likely possibility, but I wouldn't rule it
> out completely just yet until more information from Sun becomes
What more information do you need? You have an advisory, access to the
source code, access to the change that resolved the problem and
patient conversations with a very patient Casper Dik.
The onus is on you to demonstrate how this could be a backdoor.
Otherwise you are asking Sun to prove a negative.
IMO fixing security bugs at short notice is painful enough without
people like yourself and Steve Gibson casting assertions of malice.
Full-Disclosure is hosted and sponsored by Secunia.