|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Solaris patchadd(1) (3) symlink vulnerabilty
From: Matthew Potter (mpotter
ATPCO.COM)Date: Tue Dec 19 2000 - 18:56:42 CST
- Next message: Michal Zalewski: "Oracle WebDb engine brain-damagse"
- Previous message: Trustix Secure Linux Team: "Trustix Security Advisory - stunnel"
- In reply to: Jonathan Fortin: "Solaris patchadd(1) (3) symlink vulnerabilty"
- Next in thread: Paul Szabo: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
- Reply: Matthew Potter: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Solutions:
Well it is good policy to add patches in single user mode IF YOU CAN. I
recall seeing a warning in "install_cluster" to install in single usermode
if you can.... Maybe that was a while ago when they used to have "jumbo"
patches.
1) init S
2) patchadd
>
>Race Condition
>remote NO
>local YES
>
>Vulnerable: I only checked Solaris 2.7 sparc with latest install_cluster
what arch? sun4u?
uname -a ?
- Next message: Michal Zalewski: "Oracle WebDb engine brain-damagse"
- Previous message: Trustix Secure Linux Team: "Trustix Security Advisory - stunnel"
- In reply to: Jonathan Fortin: "Solaris patchadd(1) (3) symlink vulnerabilty"
- Next in thread: Paul Szabo: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
- Reply: Matthew Potter: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]