Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_3

Bugtraq archives for 3rd quarter (Jul-Aug) 1995: Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Scott Chasin (chasinCRIMELAB.COM)
Fri, 18 Aug 1995 10:03:33 MDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robert Owen Thomas: "sendmail alternative?"
Previous message: Arve Kjoelen: "BUGTRAQ ALERT: Solaris 2.x"

[casperHOLLAND.SUN.COM wrote]:

> > Just to add my two cents to the discussion:
> >         - this is a known problem


> So why wasn't it more publically announced. Sun could easily have issued a
> new binary very publically and without saying what they had fixed.
>

Mark Graff relayed to me that Sun has known about this for about 2 weeks
or so.

[casperHOLLAND.SUN.COM wrote]:
> >         - it is fixed in 2.5 (by using fchown, not chown, both versions of ps)

Apparently this is *NOT* fixed in the 2.5 release. At least not the copy I
have.  And I believe someone else has contested to this fact as well.

> So why didnt you tell people instead of negligently leaving them exposed

This is the old full-disclosure debate.  I don't think we should be getting
into this here.

> Otherwise known as the majority of people who are less technically clued up.
> Vendors need to improve their methods.
>
> Alan


--Scott
chasincrimelab.com

Next message: Robert Owen Thomas: "sendmail alternative?"
Previous message: Arve Kjoelen: "BUGTRAQ ALERT: Solaris 2.x"