Clarification needed on the snoop vuln(s)

From: Alfred Huger (ahat_private)
Date: Thu Dec 09 1999 - 11:56:11 PST

Next message: Alfred Huger: "Clarification needed on the snoop vuln(s) (fwd)"

Previous message: der Mouse: "Re: Analysis of Tribe Flood Network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

As you all know, we have recently seen two /usr/sbin/snoop overflows.
Posted by both ISS and w00w00. Sun has released patches for the ISS
vulnerability, what I am wondering is, does this also solve the w00w00
problem.

For referance the patches in question are:


Solaris 7	sparc	108482-01
Solaris 7 	x86	108483-01
Solaris 5.6	sparc	108492-01
Solaris 5.6	x86	108493-01
Solaris 5.5	sparc	108501-01
Solaris 5.5	x86	108502-01
Solaris 5.4	sparc	108490-01
Solaris 5.4	x86	108491-01
Solaris 5.3	sparc	108489-01

The vulnerabilties in question are:

ISS /usr/sbin/snoop:

http://www.securityfocus.com/bid/864


w00w00 /usr/sbin/snoop overflow:

http://www.securityfocus.com/bid/858

Alfred Huger
VP of Engineering
SecurityFocus.com

Next message: Alfred Huger: "Clarification needed on the snoop vuln(s) (fwd)"
Previous message: der Mouse: "Re: Analysis of Tribe Flood Network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:19:28 PDT