Bugtraq mailing list archives
Re: New Solaris root exploit for /usr/lib/lp/bin/netpr
From: Casper.Dik () HOLLAND SUN COM (Casper Dik)
Date: Tue, 16 May 2000 08:23:39 +0200
On Mon, May 15, 2000 at 05:37:43PM +0100, Darren Moffat - Solaris Sustaining Engineering wrote:I have not tested either of these on Solaris 8, but I am expecting it to be vulnerable. It also appears that Solaris 2.6 on SPARC machines may not be exploitable unless patch 106235-03 or patch 106235-04 is installed. How about that? Keep up on your patches and get owned faster. Let's hope that Sun puts this buffer overflow silliness to rest soon. No more buffer overflows will mean no more buffer overflow exploits.I'm told by my colleagues who look after printing that this is fixed in: 5.6 SPARC T106235-05 Intel T106235-05 5.7 SPARC T107115-04 Intel T106235-04 5.8 SPARC 109320-01 Intel T109321-01I think that should be 106236-05 for 5.6 x86, and 107116-04, for 5.7 x86.
Correct, the corrected lists looks like: 5.6 SPARC T106235-05 Intel T106236-05 5.7 SPARC T107115-04 Intel T107116-04 5.8 SPARC 109320-01 Intel T109321-01 Only the Solaris 8 patch has been released sofar. Casper
Current thread:
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Darren Moffat - Solaris Sustaining Engineering (May 15)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Jeremy Rauch (May 15)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Casper Dik (May 15)
- kscd vulnerability Sebastian (May 16)
- Re: kscd vulnerability Matt Wilson (May 24)
- Re: kscd vulnerability Sebastian (May 25)
- more majordomo brokeness Federico G. Schwindt (May 23)
- Re: more majordomo brokeness Richard Trott (May 31)
- I think Jay Mobley (May 23)
- Re: kscd vulnerability Katherine M. Moussouris (May 25)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Jeremy Rauch (May 15)
- Re: Cisco Bug James Sneeringer (May 16)
- Security Bulletins Digest (fwd) Mike Bush (May 17)