Subject: Re: New Solaris root exploit for /usr/lib/lp/bin/netpr
From: Darren Moffat - Solaris Sustaining Engineering (Darren.MoffatUK.SUN.COM)
Date: Mon May 15 2000 - 11:37:43 CDT


>I have not tested either of these on Solaris 8, but I am expecting it to
>be vulnerable. It also appears that Solaris 2.6 on SPARC machines may not
>be exploitable unless patch 106235-03 or patch 106235-04 is installed.
>How about that? Keep up on your patches and get owned faster. Let's hope
>that Sun puts this buffer overflow silliness to rest soon. No more buffer
>overflows will mean no more buffer overflow exploits.

I'm told by my colleagues who look after printing that this is fixed in:

5.6 SPARC T106235-05 Intel T106235-05
5.7 SPARC T107115-04 Intel T106235-04
5.8 SPARC 109320-01 Intel T109321-01

Tpatches are available only to customers with a maintenance contract until
the patches become official.

These patches will become part of the recommended patch set in due course.

--
Darren J Moffat