Re: rpc.ttdbserverd on solaris 7

From: Elias Levy (aleph1at_private)
Date: Fri Nov 19 1999 - 13:30:30 PST

Next message: Brent Paulson: "Re: rpc.ttdbserverd on solaris 7"

Previous message: Michal Zalewski: "Re: lynx 2.8.x - 'special URLs' anti-spoofing protection is weak"
Maybe in reply to: Dan Stromberg: "rpc.ttdbserverd on solaris 7"
Next in thread: Brent Paulson: "Re: rpc.ttdbserverd on solaris 7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

After talking to Casper and Dan Stronberg it seem the issue he
is seeing is Sun BugID 4204015 "dbserver SEGVs when rpc function 15 is
called with garbage". This vulnerability in Solaris 7 seem to be
triggered by the old rpc.ttdbserverd exploit. Please note that
an attacker can't make rpc.ttdbserverd execute code. It can simply
make it crash (dereferencing a NULL pointer). The problem is fixed
by Patch-ID# 107893-02. So no, Solaris 7 is not vulnerable to the
old rpc.ttdbserverd exploit in as much as it will only crash the
service, not execute code in the target system.

Also note that although the patch is not in the recommended patch list,
it is in the security path list which in effect makes it public.
--
Elias Levy
Security Focus
http://www.securityfocus.com/

Next message: Brent Paulson: "Re: rpc.ttdbserverd on solaris 7"
Previous message: Michal Zalewski: "Re: lynx 2.8.x - 'special URLs' anti-spoofing protection is weak"
Maybe in reply to: Dan Stromberg: "rpc.ttdbserverd on solaris 7"
Next in thread: Brent Paulson: "Re: rpc.ttdbserverd on solaris 7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:19 PDT