From: owner-cypherpunks@toad.com
To: N/A
Message Hash: 381745ecafe4e129db75bc706cc590afbd7f786532c420cf7955163a55eac57c
Message ID: <199603290546.NAA11595@infinity.nus.sg>
Reply To: N/A
UTC Datetime: 1996-03-29 05:46:01 UTC
Raw Date: Fri, 29 Mar 1996 13:46:01 +0800
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 13:46:01 +0800
Subject: No Subject
Message-ID: <199603290546.NAA11595@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain
The syslog problem is fixed in baseline SunOS 5.5.
Sun and HP are apparently doing what the stupid law mandates - and they
should do so, whether someone at NSA (or whatever) is on their case or
not. :) They should also have someone in their respective legal
departments bucking ITAR very hard.
"tres-dangerous" must have been typed with a snear, no?
ECafe Anonymous Remailer wrote:
>
> I noticed that Sun's latest libc patch (101759-04) is empty. Previous
> versions contained the complete U.S. version of libc, including the
> tres-dangerous DES and crypt functions. In the current rev only the
> README remains, presumably because:
> EXPORT INFORMATION: This patch includes code which performs
> cryptographic functions, which are subject to U.S. export
> control, and must not be exported outside the U.S. without
> prior approval of the U.S. government. Prior export approval
> must be obtained by the user of this patch.
>
> So, you might ask, what fixes is Sun not distributing???
> (Rev 04)
> 1190985 gethostbyname() can trash an existing open file descriptor.
> 1182835 portmapper silently fails with version mismatch by PC-NFS
> client
> 1219835 Syslog(3) can be abused to gain root access on 4.X systems.
>
> Yup, that's right. The syslog hole that was so well publicized by
> CERT will remain open indefinitely because the ITAR makes it illegal
> for Sun to distribute the fix!
>
> So did HP and Sun spontaneously, simultaneously develop crypto awareness,
> or is some gummint dweeb whispering threats in their ear?
Return to March 1996
Return to “owner-cypherpunks@toad.com”
1996-03-29 (Fri, 29 Mar 1996 13:46:01 +0800) - No Subject - owner-cypherpunks@toad.com