After talking to Casper and Dan Stronberg it seem the issue he is seeing is Sun BugID 4204015 "dbserver SEGVs when rpc function 15 is called with garbage". This vulnerability in Solaris 7 seem to be triggered by the old rpc.ttdbserverd exploit. Please note that an attacker can't make rpc.ttdbserverd execute code. It can simply make it crash (dereferencing a NULL pointer). The problem is fixed by Patch-ID# 107893-02. So no, Solaris 7 is not vulnerable to the old rpc.ttdbserverd exploit in as much as it will only crash the service, not execute code in the target system. Also note that although the patch is not in the recommended patch list, it is in the security path list which in effect makes it public. -- Elias Levy Security Focus http://www.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:19 PDT