
Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow



On Tue, 12 Mar 2002, Zephaniah E. Hull wrote:

> On Tue, Mar 12, 2002 at 05:46:13PM +1100, Andrew Tait wrote:
> > Unless you are going to dial into a malicious ISP, I doubt this will be a
> > problem (AFAIK, but don't quote me).
>
> Or unless you happen to be a small ISP using pppd on the receiving end
> and have malicious users?

That is what I am concerned about.  We are a freenet with about 1000
active users.  Depending on your viewpoint, unfortunately one of the other
volunteers upgraded the dialup server to a 2.4 kernel with the bunk packages in
an attempt to improve the problematic Equinox SST and upgrade the eqnx
module.  We are moving to an Ascend MAX within a couple of months, but a
real exploit to our current pppd problem is likely to be available before
then.

Our non-profit board of directors recently decided to allow a user back on
that stole one of our machines over 2 years ago and has continued to be a
pain in the ass.  If a script kiddie exploit becomes available, he just
might do some serious damage.

Unless someone has some other suggestions, I'll try the hybrid potato/woody
suggested by Andrew Tait sometime this weekend.


Thanks,
Chuck


