> Vulnerability: Automountd > Operating System: SUN Solaris > Versions affected: 2.5, 2.5.1, 2.6, 2.7 (X86 and SPARC architectures) I tested this exploit on several systems and I found the following: 2.5 - not vulnerable with my testing 2.5.1 - vulnerable for patch 104654-03 and below, not vulnerable once 104654-04 or higher applied. 2.6 - not tested 2.7 - not tested Perhaps the forged DNS would have made 2.5.1 104654-04+ vulnerable, but using the suggested test with "/etc/hosts" did not. Has anyone else done any useful testing and/or have any opinions on what to do to thwart this? It appears to me that putting 2.5.1 patch 104654-05 (current) takes care of the problem. Am I missing something? Michael Russell Michael_Russellat_private Senior Systems Programmer Brown University Providence, RI 02912 USA
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:27:29 PDT