Re: Exploit of rpc.cmsd

Casper Dik (casperHOLLAND.SUN.COM)
Wed, 14 Jul 1999 10:28:43 +0200

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Paul Murphy: "Re: IGMP fragmentation bug - another behavior"
• Previous message: Aleph One: "Re: Exploit of rpc.cmsd"
• In reply to: John Hall: "Re: Exploit of rpc.cmsd"
• Next in thread: Dan Astoorian: "Re: Exploit of rpc.cmsd"
• Next in thread: John Hall: "Re: Exploit of rpc.cmsd"
• Reply: Dan Astoorian: "Re: Exploit of rpc.cmsd"

>Several exploits for rpc.cmsd seems to be floating around. This
>vulnerability is being actively exploited. The vulnerability
>is known to exist at least in Solaris 7, possibly in earlier
>versions.
>
>Sun patch 107022-02 does not fix the vulnerability. Sun
>has been informed and they are working on a patch. Should be
>fixed in 107022-03.

The following patches have now been released:

        107022-03 CDE 1.3 (Solaris 7/SPARC)
        107023-03 CDE 1.3_x86 (Solaris 7/x86)
        
        105567-08 CDE 1.2_x86 (Solaris 2.6)
        104976-04 OW 3.5.1 (Solaris 2.5.1)
        105124-03 OW 3.5.1_x86 (Solaris 2.5.1_x86)
        103251-09 OW 3.5 (Solaris 2.5)
        103273-07 OW 3.5_x86 (Solaris 2.5_x86)
        101513-14 OW 3.3 (Solaris 2.3)
        100523-25 OW 3.0 (SunOS 4.1.3/4.1.3C/4.1.3_U1/4.1.4)

Already released was (one week ago):

        105566-08 CDE 1.2 (Solaris 2.6/SPARC)

Casper

• Next message: Paul Murphy: "Re: IGMP fragmentation bug - another behavior"
• Previous message: Aleph One: "Re: Exploit of rpc.cmsd"
• In reply to: John Hall: "Re: Exploit of rpc.cmsd"
• Next in thread: Dan Astoorian: "Re: Exploit of rpc.cmsd"
• Next in thread: John Hall: "Re: Exploit of rpc.cmsd"
• Reply: Dan Astoorian: "Re: Exploit of rpc.cmsd"

This archive was generated by hypermail 2.0b3 on Tue Jul 13 1999 - 18:35:20 CDT