Slashdot Mirror


Solaris, AIX Login Hole

An anonymous submitter sent in: "A CERT Advisory describes a buffer overflow vulnerability in implementations of login derived from System V, which includes among Solaris 8 and earlier and AIX 4.3/5.1. "An exploit exists and may be circulating." Vendors are testing fixes." There's a Reuters story as well.

1 of 267 comments (clear)

  1. Sun et al aren't demanding silence, M$ is by FreeUser · · Score: 5, Flamebait

    Sun et al aren't demanding silence from security professionals who discover bugs, security holes, and exploits.

    Microsoft is.

    What is more, Microsoft is trying to bribe security professionals and services into silence, requiring among other things that Microsoft be informed of problems before the securty firm's own paying customers are.

    In short, Sun & Co. have done nothing improper or worthy of customer or professional outrage.

    Microsoft has.

    Biased or not, Slashdot and its readership are more than a little correct in bashing Microsoft's security policies, and in reporting security lapses of other firms as well, even though these other firms have behaved in a much more ethical and open manner.

    Had it been otherwise, you doubtless would have been bashing slashdot and its readership for not reporting the vulnerabilities.

    In short, Mr. Microsoft Flunky, get over yourself. If slashdot's pro-Free Software and pro-GNU/Linux bias upsets you so much, then go hang out in a pro-Microsoft forum where you can suck up as much Redmond marketing drivel as your heart desires, while leaving the rest of us in peace.

    --
    The Future of Human Evolution: Autonomy