Re: Exploit of rpc.cmsd

From: Casper Dik (casperat_private)
Date: Wed Jul 14 1999 - 01:28:43 PDT

Next message: Paul Murphy: "Re: IGMP fragmentation bug - another behavior"

Previous message: Aleph One: "Re: Exploit of rpc.cmsd"
Maybe in reply to: Bob Todd: "Exploit of rpc.cmsd"
Next in thread: Casper Dik: "Re: Exploit of rpc.cmsd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Several exploits for rpc.cmsd seems to be floating around. This
>vulnerability is being actively exploited. The vulnerability
>is known to exist at least in Solaris 7, possibly in earlier
>versions.
>
>Sun patch 107022-02 does not fix the vulnerability. Sun
>has been informed and they are working on a patch. Should be
>fixed in 107022-03.

The following patches have now been released:

	107022-03 	CDE 1.3 (Solaris 7/SPARC)
	107023-03 	CDE 1.3_x86 (Solaris 7/x86)
	
	105567-08 	CDE 1.2_x86  (Solaris 2.6)
	104976-04 	OW 3.5.1     (Solaris 2.5.1)
	105124-03 	OW 3.5.1_x86 (Solaris 2.5.1_x86)
	103251-09 	OW 3.5       (Solaris 2.5)
	103273-07 	OW 3.5_x86   (Solaris 2.5_x86)
	101513-14 	OW 3.3	     (Solaris 2.3)
	100523-25	OW 3.0	     (SunOS 4.1.3/4.1.3C/4.1.3_U1/4.1.4)

Already released was (one week ago):

	105566-08	CDE 1.2 (Solaris 2.6/SPARC)


Casper

Next message: Paul Murphy: "Re: IGMP fragmentation bug - another behavior"
Previous message: Aleph One: "Re: Exploit of rpc.cmsd"
Maybe in reply to: Bob Todd: "Exploit of rpc.cmsd"
Next in thread: Casper Dik: "Re: Exploit of rpc.cmsd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:09 PDT