[10990] in bugtraq

Re: Exploit of rpc.cmsd

daemon@ATHENA.MIT.EDU (Stephen C Woods)
Mon Jul 12 12:34:17 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id:  <199907101329.GAA49908@cirrus.seas.ucla.edu>
Date:         Sat, 10 Jul 1999 06:29:38 -0700
Reply-To: Stephen C Woods <scw@SEAS.UCLA.EDU>
From: Stephen C Woods <scw@SEAS.UCLA.EDU>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

105566-06 was installed on our machine that was hit. When I reported it
to Sun I received e-mail that they are working on a fresh fix, and it'll
be available 'soon'.   Perhaps this time they'll fix all the buffer
overflows.  Luckily the twerp that went after my machine was a clueless
twit and didn't know what he was about; also, the machine was fairly well
protected against the common forms of attack.

> I want to point out that there is a rather fresh 105566-07 for Solaris
> 2.6 which claims "4230754 Possible buffer overflows in rpc.cmsd" fixed.
> There is rather old 103670-03 for Solaris 2.5[.1] which claims "1264389
> rpc.cmsd security problem." fixed. Then there is 104976-03 claiming
> "1265008 : Solaris 2.x rpc.cmsd vulnerabity" fixed. Are these the ones
> you refer to as "patched versions" and "could be problematic"?
>
> Andy.
>

-----
Stephen C. Woods; UCLA SEASnet; 2567 Boelter hall; LA CA 90095; (310)-825-8614
Finger for public key scw@cirrus.seas.ucla.edu,Internet mail:scw@SEAS.UCLA.EDU
