Re: FOLLOWUP: Solaris 2.6 ufsdump/ufsrestore vulnerability

[eugene.bradley () erols com (Eugene Bradley)]

-----BEGIN PGP SIGNED MESSAGE-----

Sorry to follow up on my own post -- seems the PGP
software, MUA, and MIME attachments don't get along well.

Here's the attached email message I was referring to in
my last post...


- -----Forwarded Message--------
Date: Wed, 17 Jun 1998 13:06:26
From: "xxxxxxxxxxxxxxxxx" <xxxxxxxxxxxxxxxxx () sun com>
Subject:  SS # xxxxxxx


Jun O4 1998

Trial binary fix for bugs.

 Bug Id: 4078445
 Synopsis: ufsdump buffer overrun can coredump or be
exploited for root access

 Bug Id: 4132365
 Release summary: 2.6
 Synopsis: Security vulnerability on ufsdump and restore
in 2.6 and 2.6 x86

fixes core dump for
/usr/lib/fs/ufs/ufsdump 1 `perl -e 'print "a" x 2000'`
/usr/lib/fs/ufs/ufsrestore xf `perl -e 'print "a" x 2000'`

Trial binary available for testing and binary relief.
has fixes only for exploits mentioned in bug reports.

Product developement is currently working on more
complete fix.
If fix goes on schedule, It will be about three weeks
(end of June 1998)
before a complete 5.6 fix is available for testing.

- -rwxrwxrwx   1 xxxxx    staff        927 Jun  4 14:56
README
- -rwxr-xr-x   1 xxxxx    staff     195560 Jun  4 13:47
ufsdump
- -rwxr-xr-x   1 xxxxx    staff    1022356 May  5 07:53
ufsrestore

% sum u*
51160 382 ufsdump
62088 1997 ufsrestore


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: cp850

iQCVAgUBNYhmquNY3xV+5qZBAQEoFQP/XypGTq0d+NDn6ciixW6MHEab4TY8a6Hi
tbzL0xdVPv49HPVXsCBW4I0PvP8NX5aZuqU+LmbmZ1VIf9h3VeplmM6DvihBU133
niJip7+JNheR+q8BmVlQSv6huB8AT1/fCdeiFJXeeFoGzVlmu23MMNi4+sq5VWZ9
J51H4JNcrX4=
=Gf5u
-----END PGP SIGNATURE-----
--
Eugene Bradley -- Just Another Random Solaris administrator
eugene.bradley () erols com (Personal ONLY!) -- PGP key ID Ox7EE6A641
PGP key available by sending me mail with "GET KEY" in the Subject: line
homepage is @ http://www.geocities.com/SiliconValley/Haven/9323/