Yes, I'm sure a lot of people are aware of it. http://blogs.sun.com/tpenta/entry/the_in_telnetd_vulnerability_exploit
temporary patch out fairly quickly, regular patch not too much later. It was a really stupid bug, though (IMO). But people have obviously also been thinking about the bigger picture, too: http://blogs.sun.com/gbrunett/entry/tracking_infected_telnet_worm_machines http://blogs.sun.com/chrisg/entry/telnet_lessons There was discussion of it here, too: http://www.opensolaris.org/jive/thread.jspa?threadID=23943&tstart=0 What do you mean about coincidence? Possibly the code being available made it likelier that it was discovered. I don't think much of those who find something that nasty and tell the whole world about it on a Friday, rather than giving those responsible at least a few day's advance notice. But aside from that, and something that dumb not having been caught before it was ever a problem, I think everyone behaved reasonably well. So talking about coincidences (often a code word for some sort of goofy conspiracy theory) seems to me to be either unclear or unjustified. Since (AFAIK) automated proofs-of-correctness are still seldom feasible, and even the most capable humans are fallible, I suppose all operating systems have vulnerabilities discovered in them. Solaris is nowhere near the worst, certainly better overall than Windows or even Linux. This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list [email protected]
