[Full-disclosure] Solaris telnet vulnberability - how many on your network?
Damien Miller
djm at mindrot.org
Wed Feb 14 21:15:26 GMT 2007
On Tue, 13 Feb 2007, Gadi Evron wrote:
> We all agree it is not a very likely possibility, but I wouldn't rule it
> out completely just yet until more information from Sun becomes
> available.
What more information do you need? You have an advisory, access to the
source code, access to the change that resolved the problem and
patient conversations with a very patient Casper Dik.
The onus is on you to demonstrate how this could be a backdoor.
Otherwise you are asking Sun to prove a negative.
IMO fixing security bugs at short notice is painful enough without
people like yourself and Steve Gibson casting assertions of malice.
-d
Full-Disclosure is hosted and sponsored by Secunia.