Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Sun libnsl lameness

Re: Sun libnsl lameness

Matt Conover (mattcREPSEC.COM)
Wed, 8 Jul 1998 19:44:28 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris A. Henesy: "DoS: ANS Interlock Firewall"
Previous message: Edward Lewis EDU SE Nashville: "Re: Sun libnsl lameness"
In reply to: Allanah Myles: "Re: Sun libnsl lameness"
Next in thread: Edward Lewis EDU SE Nashville: "Re: Sun libnsl lameness"

On Mon, 6 Jul 1998, Allanah Myles wrote:

> >                These vulnerabilities are present in Sun Microsystem's
> >                Solaris 2.2, 2.3, 2.4 and 2.5.1.
>
> They fail to mention 2.6 - is this because this announcement was
> pre-2.6, or is it fixed in 2.6?
>

At the time, I myself didn't have access to a Solaris 2.6. I had verified
them a on Solaris 2.5.1, and later Mark had verified them on the other
versions. Now I recall hearing that Solaris 2.6 was vulnerable, but I
haven't confirmed that, so don't quote me on it. I'll check. Also, Sun has
been nice enough to provide us with a Solaris 2.7 to do some testing.

> This is another perfect example of why Sun should go back into the
> hardware design and architecture business, and get OUT of the
> OS/software business.  Leave software design to real software
> designers.
>

Speaking for myself here, I like Sun. I like [most] of their
employees. For the record, I think it's unfair to judge a company's entire
ability off one field. Your opinion is biased on security. I must say that
I think several things are overlooked when it comes to Sun.

Example: If a company is great with security, but terrible with
portability, reliability, technical support... does that make them better
than a company that is good overall, but lousy in a few
fields? I don't think so.

*****************************************************************************
Matt Conover <mattrepsec.com>                  RSI R&D Team
-----------------------------------------------------------------------------
RepSec, Inc. (RSI)                              [http://www.repsec.com]
w00w00 Security Development (WSD)               [http://www.w00w00.org]
*****************************************************************************

Next message: Chris A. Henesy: "DoS: ANS Interlock Firewall"
Previous message: Edward Lewis EDU SE Nashville: "Re: Sun libnsl lameness"
In reply to: Allanah Myles: "Re: Sun libnsl lameness"
Next in thread: Edward Lewis EDU SE Nashville: "Re: Sun libnsl lameness"