Linux Today: Linux News On Internet Time.

CNET News: Hacker Says He Leaked Info on Unix Flaw

Mar 20, 2003, 19:00
(Other stories by Robert Lemos)

"The outing of the advisories this weekend caused some consternation in the security world, because the companies involved didn't have time to create patches for the problems before the information became publicly known. When a security problem is found in their products, software makers prefer to release the information after a patch is available.

"One advisory outlines a problem with a library originally created by Sun Microsystems that is included in many Unix- and Linux-based operating systems. A second advisory highlights an issue in the Kerberos authentication system that could allow an attacker to impersonate other users. The third advisory discusses a specialized attack that could target servers using Secure Sockets Layer and break the software's encryption.

"The CERT Coordination Center had been prepping the advisories for publication. In an interview earlier this week, the organization identified 50 different companies that had access to all three advisories, and Sean Hernan, team leader for vulnerability handling at the CERT Coordination Center, believed one of the firms or one of the firms' employees may have leaked the information..."
