Bugtraq mailing list archives

Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit

From: mib () deakin edu au (Mike Battersby)
Date: Tue, 19 Nov 1996 15:07:50 +1100


Russell Street writes:

with patch level 103615-01 and up. Try backing out of that patch and it

I have a 2.5 machines (SS4, SS10) that is vunerable.  It has no patches at


Our 2.5.1 machines don't have that patch installed.  They're vulnerable
with:

        hosts: dns
or      hosts: dns files

in nsswitch.conf, but as soon as you add "nis" in there the exploit program
just sends things into an infinite loop (it appears).

 - Mike

--
|   Mike Battersby                        |   mike () starbug bofh asn au        |
|   http://www.deakin.edu.au/~mib/        |   mib () deakin edu au               |

Current thread:

Irix: root exploit for LicenseManager, (continued)
- - - Irix: root exploit for LicenseManager Yuri Volobuev (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) moost () xs4all nl (Nov 20)
    - Ascend Killer Program Aleph One (Nov 17)
    - Serious hole in Solaris 2.5[.1] gethostbyname() (exploit included) Jeremy Elson (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Craig Raskin (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Paul B. Henson (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Russell Street (Nov 18)
    - ALERT: Solaris 2.5.1 locks up on TCP connections in Pine 3.9x Todd Vierling (Nov 18)
    - Re: ALERT: Solaris 2.5.1 locks up on TCP connections in Pine 3.9x Brian Harvell (Nov 20)
    - ssh w/ solaris 2.5.[1] Aleph One (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Mike Battersby (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Casper Dik (Nov 19)
    - Futile rexecd holes jaeger (Nov 18)
    - Re: Futile rexecd holes Roger Espel Llima (Nov 19)
    - Irix: new LicenseManager is safe? No way Yuri Volobuev (Nov 22)
    - Re: Futile rexecd holes Jon Peatfield (Nov 22)
    - Administratrivia Aleph One (Nov 22)
    - Administratrivia Scriptors of DOOM (Nov 23)
    - A Stupid script. Efrain Torres (Nov 22)
    - A Stupid script. Aleph One (Nov 24)
    - AIX lquerypv Aleph One (Nov 25)

(Thread continues...)