Bugtraq mailing list archives

Re: eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability


From: <rogersk () hushmail com>
Date: 1 May 2002 16:34:59 -0000

In-Reply-To: <200205011234.IAA10988 () koibito iisc com>

The patch descriptions provided at sunsolve.sun.com only 
describe the problem as "lbxproxy contains a buffer 
overflow", and the dates do not appear to closely match the 
discovery date quoted by eSecurityOnline. Is there any 
stronger evidence that these patches fix this problem, and 
not some unrelated issue with lbxproxy? Has anyone been 
able to reproduce the original issue, as well as verifying 
that the patch fixes it?

- rogersk () hushmail com

From: "Charles M. Richmond" <cmr () iisc com>


It looks like this buffer overflow is also in the Sparc 
versions.
Solaris 8 - Patch-ID# 108652-51
Solaris 8x86 - Patch-ID# 108653-41

There are also Solaris 7 patches available.
107654-09 (x86 107655-09) which in '-08' addressed a buffer
overflow issue that affected suid/sgid X programs.


eSO Security Advisory:  3761
Discovery Date:         July 5, 2001
ID:                     eSO:3761
Title:                  Sun Solaris lbxproxy display name buffer
                        overflow vulnerability
Impact:                 Local attackers can gain group root privileges
Affected Technology:    Sun Solaris 8 x86
Vendor Status:          Vendor notified
Discovered By:          Kevin Kotas of the eSecurityOnline Research
                        and Development Team
CVE Reference:          CAN-2002-0090

Advisory Location:
http://www.eSecurityOnline.com/advisories/eSO3761.asp 

***********************************************************************
*  Charles Richmond    Integrated International Systems Corporation   *
*  cmr () iisc com   cmr () acm org   cmr () shore net   http://www.iisc.com   *
*  UNIX Internals, I18N, L10N, X, Realtime Imaging, and  Custom S/W   *
*         131 Bishop's Forest Drive , Waltham , Ma. USA 02452         *
*  (781) 647 2269   FAX (781) 647 3665   Cellular (781) 389 9777      *
***********************************************************************


