Bugtraq mailing list archives
Re: CERT Advisory CA-96.19 - Vulnerability in expreserve
From: casper () holland Sun COM (Casper Dik)
Date: Sun, 18 Aug 1996 15:47:35 +0200
Sun Microsystems, Inc. ====================== System Patch ID Filename MD5 Checksum - ------ -------- --------------- ----------- SunOS 101080-01 101080-01.tar.Z 53c8a5c4eee770924560c5fc100542a3 Solaris 2.0 101119-01 101119-01.tar.Z No longer available Solaris 2.1 101089-01 101089-01.tar.Z No longer available Solaris 2.2 101090-01 101090-01.tar.Z e9ff98823abbc75d95410a0cb7856644 Solaris 2.3 Solaris 2.4 102756-01 102756-01.tar.Z 61f4a48ddba41ae1c27e70b84f4c8d87 Solaris 2.4_x86 102757-01 102757-01.tar.Z 1f2b7f3824565ef849eb3c4677567399I love Sun. Are we to *assume* that 2.5 and 2.5.1 are immune?
You mean, you love CERT for mangling the information like this? Contrary to what the CERT advisories will have you believe, the security problem exists in 2.3 and before, whether patched or not. (In 2.3 and before the problem was though solved by not having expreserve run set-uid root; unfortunately, there was an oversight in this reasoning: expreserve is run by root at system boot) The problem does not exist in 2.4 + patches nor does it exist in 2.5 and later. Casper
Current thread:
- Re: Possible bufferoverflow condition in lpr, xterm and xload, (continued)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Evil Pete (Aug 18)
- CERT Advisory CA-96.18 - Vulnerability in fm_fls CERT Advisory (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Ficus Kirkpatrick (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Alexander O. Yuriev (Aug 14)
- Tracking tools? David Miller (Aug 14)
- Re: Tracking tools? Gene Titus (Aug 15)
- Re: Tracking tools? neill (Aug 15)
- Re: Tracking tools? Tracy R. Reed (Aug 15)
- SGI Security Advisory 19960801-01-PX, SGI Security Coordinator (Aug 17)
- CERT Advisory CA-96.19 - Vulnerability in expreserve Pete Ashdown (Aug 15)
- Re: CERT Advisory CA-96.19 - Vulnerability in expreserve Casper Dik (Aug 18)
- Re: Tracking tools? Greg Miller (Aug 15)
- Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
- Re: mail storm Darrell Fuhriman (Aug 13)
- Re: mail storm Ed Arnold (Aug 14)
- list mail meta-question der Mouse (Aug 13)