Bugtraq mailing list archives

big fat gethostbyname() hole

From: pashdown () xmission com (Pete Ashdown)
Date: Mon, 18 Nov 1996 15:26:39 -0700


I found that ssh and fping were also affected by the Solaris 2.5/2.5.1 hole.
This brings the list to:

        ping
        traceroute
        rsh
        rlogin
        fping
        ssh

Any others?

Thanks Jeremy for finding this one.

Current thread:

Major Security Vulnerabilities in Remote CD Databases, (continued)
- - - Major Security Vulnerabilities in Remote CD Databases David J. Meltzer (Nov 26)
    - Re: Major Security Vulnerabilities in Remote CD Databases itudps (Nov 26)
    - lquerypv fix Troy Bollinger (Nov 25)
    - HP Bug of the Week! Aleph One (Nov 23)
    - HP Bug of the Week: OFS Aleph One (Nov 23)
    - Serious BIND resolver problem. Oliver Friedrichs (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Alan Cox (Nov 19)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Joe Zbiciak (Nov 19)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Tim Newsham (Nov 20)
  - Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Jim Dennis (Nov 17)
  - big fat gethostbyname() hole Pete Ashdown (Nov 18)
- sendmail-8.8.3 released Jared Mauch (Nov 17)