Although Solaris 7 was not listed, since this is a recent bulletin I'm curious if anyone has some code I could run on my Solaris 7 machine to see if it is vulnerable.

On Wed, 18 Nov 1998, Aleph One wrote:

> ---------- Forwarded message ----------
> Date: Wed, 18 Nov 1998 10:28:17 -0800
> From: Sun Security Coordination Team <secureat_private>
> To: CWSat_private
> Subject: Sun Security Bulletin #00179
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> ________________________________________________________________________________
>                    Sun Microsystems, Inc. Security Bulletin
>
> Bulletin Number:   #00179
> Date:              November 18, 1998
> Cross-Ref:
> Title:             rdist
> ________________________________________________________________________________
>
> The information contained in this Security Bulletin is provided "AS IS."
> Sun makes no warranties of any kind whatsoever with respect to the information
> contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
> REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR
> IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE
> HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.
>
> IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
> PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
> OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY
> ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN
> THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF
> THE POSSIBILITY OF SUCH DAMAGES.
>
> If any of the above provisions are held to be in violation of applicable law,
> void, or unenforceable in any jurisdiction, then such provisions are waived
> to the extent necessary for this disclaimer to be otherwise enforceable in
> such jurisdiction.
> ________________________________________________________________________________
>
> 1. Background
>
>    The rdist program is a setuid root utility that distributes files
>    from one host to another. Several buffer overflow vulnerabilities
>    have been discovered which could be exploited by an attacker to
>    gain root access.
>
> 2. Affected Supported Versions
>
>    Solaris(tm) versions: 2.6, 2.6_x86, 2.5.1, 2.5.1_x86, 2.5, 2.5_x86,
>    2.4, 2.4_x86 and 2.3
>
>    SunOS(tm) versions: 4.1.4 and 4.1.3_U1
>
> 3. Recommendations
>
>    Sun recommends that you install the respective patches immediately
>    on affected systems.
>
>    Operating System      Patch ID
>    _________________     _________
>    Solaris 2.6           105667-02
>    Solaris 2.6_x86       105668-02
>    Solaris 2.5.1         103817-03
>    Solaris 2.5.1_x86     103818-03
>    Solaris 2.5           103815-03
>    Solaris 2.5_x86       103816-03
>    Solaris 2.4           103813-03
>    Solaris 2.4_x86       103814-03
>    Solaris 2.3           101494-04
>    SunOS 4.1.4           103824-04
>    SunOS 4.1.3_U1        103823-04
>
> _______________________________________________________________________________
> APPENDICES
>
> A. Patches listed in this bulletin are available to all Sun customers via
>    World Wide Web at:
>
>       <URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
>
> B. Checksums for the patches listed in this bulletin are available via
>    World Wide Web at:
>
>       <URL:http://sunsolve.sun.com/sunsolve/pubpatches/patches.html>
>
> C. Sun security bulletins are available via World Wide Web at:
>
>       <URL:http://sunsolve.sun.com/sunsolve/secbulletins>
>
> D. Sun Security Coordination Team's PGP key is available via World Wide Web
>    at:
>
>       <URL:http://sunsolve.sun.com/sunsolve/secbulletins/SunSCkey.txt>
>
> E. To report or inquire about a security problem with Sun software, contact
>    one or more of the following:
>
>       - Your local Sun answer centers
>       - Your representative computer security response team, such as CERT
>       - Sun Security Coordination Team. Send email to:
>
>            security-alertat_private
>
> F. To receive information or subscribe to our CWS (Customer Warning System)
>    mailing list, send email to:
>
>       security-alertat_private
>
>    with a subject line (not body) containing one of the following commands:
>
>    Command          Information Returned/Action Taken
>    _______          _________________________________
>
>    help             An explanation of how to get information
>
>    key              Sun Security Coordination Team's PGP key
>
>    list             A list of current security topics
>
>    query [topic]    The email is treated as an inquiry and is forwarded to
>                     the Security Coordination Team
>
>    report [topic]   The email is treated as a security report and is
>                     forwarded to the Security Coordination Team. Please
>                     encrypt sensitive mail using Sun Security Coordination
>                     Team's PGP key
>
>    send topic       A short status summary or bulletin. For example, to
>                     retrieve a Security Bulletin #00138, supply the
>                     following in the subject line (not body):
>
>                        send #138
>
>    subscribe        Sender is added to our mailing list. To subscribe,
>                     supply the following in the subject line (not body):
>
>                        subscribe cws your-email-address
>
>                     Note that your-email-address should be substituted
>                     by your email address.
>
>    unsubscribe      Sender is removed from the CWS mailing list.
> ________________________________________________________________________________
>
> Copyright 1998 Sun Microsystems, Inc. All rights reserved. Sun,
> Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks
> of Sun Microsystems, Inc. in the United States and other countries. This
> Security Bulletin may be reproduced and distributed, provided that this
> Security Bulletin is not modified in any way and is attributed to
> Sun Microsystems, Inc. and provided that such reproduction and distribution
> is performed for non-commercial purposes.

Thank you,

Jonathan A. Zdziarski
Sr. Systems Administrator
Netrail, inc.
888.NET.RAIL x240
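
An added example, not part of the bulletin or of the post above: a POSIX shell check that compares `showrev -p` patch listings against the Solaris rows of the bulletin's patch table. The function names and the sample listing are constructed for illustration; the SunOS 4.1.x rows are left out because the sketch assumes `showrev -p` style input, and a release the bulletin does not list (such as Solaris 7) is reported as NOT_LISTED rather than guessed at.

```shell
# Added example: patch-level check against Sun Security Bulletin #00179 (rdist).
# Patch IDs are taken from the bulletin table; function names are hypothetical.

# Print the minimum fixed patch for an OS release; fail if it is not listed.
required_patch() {
    case "$1" in
        "Solaris 2.6")       echo 105667-02 ;;
        "Solaris 2.6_x86")   echo 105668-02 ;;
        "Solaris 2.5.1")     echo 103817-03 ;;
        "Solaris 2.5.1_x86") echo 103818-03 ;;
        "Solaris 2.5")       echo 103815-03 ;;
        "Solaris 2.5_x86")   echo 103816-03 ;;
        "Solaris 2.4")       echo 103813-03 ;;
        "Solaris 2.4_x86")   echo 103814-03 ;;
        "Solaris 2.3")       echo 101494-04 ;;
        *) return 1 ;;
    esac
}

# Read `showrev -p` output on stdin; print PATCHED, UNPATCHED or NOT_LISTED.
# A later revision of the patch, or another patch whose Obsoletes: field names
# it at the required revision or later, counts as patched.
check_rdist_patch() {
    req=$(required_patch "$1") || { echo NOT_LISTED; return 0; }
    # On Solaris use nawk: the old /usr/bin/awk there does not accept -v.
    awk -v base="${req%-*}" -v minrev="${req#*-}" '
        function covers(id,   p) {
            gsub(/,/, "", id)
            split(id, p, "-")
            return p[1] == base && p[2] + 0 >= minrev + 0
        }
        $1 == "Patch:" {
            for (i = 2; i <= NF && $i != "Requires:"; i++)
                if (covers($i)) ok = 1
        }
        END { print (ok ? "PATCHED" : "UNPATCHED") }'
}

# Constructed sample listing (not captured from a real host).
sample_showrev() {
    cat <<'EOF'
Patch: 105667-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 199998-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu, SUNWarc
EOF
}

sample_showrev | check_rdist_patch "Solaris 2.6"
```

On a live host the input would be `showrev -p | check_rdist_patch "Solaris 2.6"`.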
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:57 PDT