Bugtraq mailing list archives

Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit

From: r.street () AUCKLAND AC NZ (Russell Street)
Date: Tue, 19 Nov 1996 16:01:27 +1300

After doing some playing around, it looks like this only affects machines
with patch level 103615-01 and up. Try backing out of that patch and it
should fix the problem.


I have a 2.5 machines (SS4, SS10) that is vunerable.  It has no patches at
all installed.

The exploit does not work on my 2.5.1 Ultra-1.  Presumably this is
just a matter of getting the machine code right for the platform. ;)

Russell
 ----
 Russell Street <r.street () auckland ac nz> Is it really Wednesday today?

Current thread:

Magic password of some linux-box(Hardware..), (continued)
- - - Magic password of some linux-box(Hardware..) Seo Euiseong (Nov 17)
    - rplayd on HPUX 10.1 Henrik P Johnson (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) Sergiu Popovici (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) Sergei A. Golubchik (Nov 19)
    - Irix: root exploit for LicenseManager Yuri Volobuev (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) moost () xs4all nl (Nov 20)
    - Ascend Killer Program Aleph One (Nov 17)
    - Serious hole in Solaris 2.5[.1] gethostbyname() (exploit included) Jeremy Elson (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Craig Raskin (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Paul B. Henson (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Russell Street (Nov 18)
    - ALERT: Solaris 2.5.1 locks up on TCP connections in Pine 3.9x Todd Vierling (Nov 18)
    - Re: ALERT: Solaris 2.5.1 locks up on TCP connections in Pine 3.9x Brian Harvell (Nov 20)
    - ssh w/ solaris 2.5.[1] Aleph One (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Mike Battersby (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Casper Dik (Nov 19)
    - Futile rexecd holes jaeger (Nov 18)
    - Re: Futile rexecd holes Roger Espel Llima (Nov 19)
    - Irix: new LicenseManager is safe? No way Yuri Volobuev (Nov 22)
    - Re: Futile rexecd holes Jon Peatfield (Nov 22)
    - Administratrivia Aleph One (Nov 22)

(Thread continues...)