Several of our Solaris 2.6 systems appear to be under attack using whatever exploit prompted CERT advisory CA-98.11. As near as I can tell, turning off stack executability appears to be protecting us from the attack, though core files are generated each time. (The core files have been forwarded to Sun.) According to Sun the patches 105802-06 and 104489-08 do not resolve the buffer overflow problem with rpc.ttdbserverd. For my own sanity, I would appreciate it if someone would forward me the exploit that prompted CA-98.11. I would like to test our systems for this vulnerability. --Scott
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:40 PDT