Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: scott () Disclosure COM (Scott Barman)
Date: Mon, 18 Sep 1995 12:07:56 -0400
On Mon, 18 Sep 1995, Goetz von Escher wrote:
> I just called local Sun support. They don't know anything about this hole and they don't accept the 8lgm advisory as a problem report as we cannot prove that the bug exists on *our* SunOS host. Ouch! I cannot believe that nobody else has opened a service call or bug fix request (or whatever Sun calls this) at Sun Microsystems. They referred me to patch 100909-03 which fixed a hole in syslogd for SunOS 4.1.3...

Sun is usually a little slow in responding to these reports. I think they look at them with caution, which may be a good thing, before issuing their own "statement." However, if Sun said they had "a" fix for one hole in syslogd, then you may want to check it out.

NOTE: I am not saying it is bad that Sun takes their time to respond. I would rather see them analyze the problem and react properly than hastily (but they should respond in a timely manner).

As for me... I replaced my syslog with the one from NetBSD with no major hassles.

> My questions are:
> - Is there an official patch from Sun and what's the patch-ID?

If they gave you the above patch number, that's all they have at this time.

> - Has anybody talked to Sun about this problem?

I talk to Sun about a lot of things... mainly to friends who work there and they're getting tired of hearing from me! :-) When you talk to Sun about any problem with SunOS (or Solaris 1.1 as they'd rather call it), you'll get the corporate response: "upgrade" to Solaris 2. Sources tell me that by mid-96, SunOS will be treated like a leper child similar to the way they treat the old MC68K-based systems. Sun is no longer doing development on SunOS and even security patches will stop at that time. If you can, you may want to look into replacing SunOS with NetBSD. I think that is my next step (I am not a fan of Solaris 2).

> - Is Sun working on a patch?

Probably. If it makes these groups (BUGTRAQ and Firewalls, usually) they may move quicker. Sun's patch archive for non-contract customers is available via ftp at sunsolve1.sun.com:/pub/patches. They do have a Web page, but I use ncftp and find it easier just to deal with their ftp site.

scott barman
--
scott barman
scott () disclosure com
barman () ix netcom com
DISCLAIMER: I speak to anyone who will listen, and I speak only for myself.
"Micro$oft and Windoze/NT will be the cause of the de-evolution of network security just as the original PC and BASIC was the cause of the de-evolution of programming."