Re: [Full-Disclosure] iDEFENSE OSF1/Tru64 3.x vuln clarification

From: Ian A. Finlay (iafat_private)
Date: Fri Sep 20 2002 - 08:09:37 PDT

    Hi KF et al.,
    
    > This was the information CERT STILL has not released... (included in our
    > labor day release)
    
    Most of them have been published (see http://www.kb.cert.org/vuls). Some
    are still pending, and we will get them out as soon as we can. Thanks again
    for reporting these to us, Kevin.
    
    VU#612833 08/30/2002 HP Tru64 UNIX "ping" contains locally exploitable vulnerability (SSRT2229)
    VU#846307 08/30/2002 HP Tru64 UNIX "dxsysinfo" contains buffer overflow (SSRT2275)
    VU#693803 08/30/2002 HP Tru64 UNIX "dxpause" contains buffer overflow (SSRT2275)
    VU#584243 08/30/2002 HP Tru64 UNIX "dtsession" contains buffer overflow (SSRT2282)
    VU#320067 08/30/2002 HP Tru64 UNIX "dtterm" contains buffer overflow (SSRT2280)
    VU#408771 08/30/2002 HP Tru64 UNIX "mailcv" contains buffer overflow (SSRT2193)
    VU#506441 08/30/2002 HP Tru64 UNIX ".upd..loader" contains buffer overflow (SSRT2275)
    VU#416427 05/09/2002 HP Tru64 UNIX "deliver" contains buffer overflow (SSRT2275)
    VU#567963 08/30/2002 HP Tru64 UNIX "imapd" contains buffer overflow (SSRT2275)
    VU#531355 08/30/2002 HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)
    VU#916443 09/10/2001 HP Tru64 UNIX "msgchk" contains buffer overflow (SSRT2275)
    VU#592515 08/30/2002 HP Tru64 UNIX "inc" contains buffer overflow (SSRT2275)
    VU#158499 08/30/2002 HP Tru64 UNIX "csh" contains buffer overflow (SSRT2275)
    VU#448987 08/30/2002 HP Tru64 UNIX "uucp" contains buffer overflow (SSRT2275)
    VU#437899 08/30/2002 HP Tru64 UNIX "uux" contains buffer overflow (SSRT2275)
    VU#173977 08/30/2002 HP Tru64 UNIX "ps" contains buffer overflow (SSRT2256)
    VU#115731 05/22/2002 HP Tru64 UNIX "quot" contains buffer overflow (SSRT2191)
    VU#435611 08/30/2002 HP Tru64 UNIX "at" contains buffer overflow (SSRT2189)
    VU#771155 07/19/2002 HP Tru64 UNIX "ipcs" contains buffer overflow (SSRT0794U)
    VU#602009 08/30/2002 HP Tru64 UNIX "binmail" contains buffer overflow (SSRT0796U)
    VU#955065 08/30/2002 HP Tru64 UNIX "lpd" contains buffer overflow (SSRT2275)
    VU#651377 08/30/2002 HP Tru64 UNIX "lpr" contains buffer overflow (SSRT2275)
    VU#557481 08/30/2002 HP Tru64 UNIX "lpq" contains buffer overflow (SSRT2275)
    VU#293305 08/30/2002 HP Tru64 UNIX "lprm" contains buffer overflow (SSRT2260)
    VU#965097 08/30/2002 HP Tru64 UNIX "lpc" contains buffer overflow (SSRT2260)
    VU#629289 08/30/2002 HP Tru64 UNIX "traceroute" contains buffer overflow (SSRT2261)
    VU#177067 08/01/2002 HP Tru64 UNIX "passwd" contains buffer overflow (SSRT2192)
    VU#706817 08/31/2002 HP Tru64 UNIX "ypmatch" contains buffer overflow (SSRT2277)
    VU#193347 04/17/2002 HP Tru64 UNIX contains buffer overflow in libc libraries (SSRT2257)
    
    Regards,
    Ian
    
    Internet Systems Security Analyst - CERT/CC Operations
    Networked Systems Survivability Program
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    CERT (R) Coordination Center             Email: certat_private
    Software Engineering Institute           WWW: http://www.cert.org
    Carnegie Mellon University               Hotline: +1-412-268-7090
    Pittsburgh, PA  USA  15213-3890          FAX: +1-412-268-6989
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=