[techtalk] Major security bug
jenn at simegen.com
jenn at simegen.com
Sat May 12 09:07:44 EST 2001
> I just found a huge security flaw that lets anyone take root control
> of your computer during boot.
> I sent mandrake a bug report, but who should I send this information
> to? I found it posted on a linux users list for beginners, so it is
> online for crackers to find. I found it while searching for something
> else entirely.
Is it Mandrake-specific? Or does it affect other distros? Do you
even know?
Telling the distro is a good thing. But there's also CERT...
http://www.cert.org/
CERT (and related others, like AusCERT) is a centralised place that
manages security breaches, patches, advisories and warnings.
Look under 'Incidents, quick fixes and vulnerabilities', there's
'report an incident' and 'reporting guidelines'. Check the guidelines
first, of course. :) But if you tell CERT, it'll be in every smart
sysadmin's hands quickly.
Jenn V.
--
"Do you ever wonder if there's a whole section of geek culture
you miss out on by being a geek?" - Dancer.
jenn at simegen.com Jenn Vesperman http://www.simegen.com/~jenn/
More information about the Techtalk
mailing list