[11018] in bugtraq
Re: Exploit of rpc.cmsd
daemon@ATHENA.MIT.EDU (Casper Dik)
Wed Jul 14 12:35:32 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <199907140828.KAA25785@romulus>
Date: Wed, 14 Jul 1999 10:28:43 +0200
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Tue, 13 Jul 1999 15:24:52 PDT."
<19990713152452.F26190@underground.org>
>Several exploits for rpc.cmsd seems to be floating around. This
>vulnerability is being actively exploited. The vulnerability
>is known to exist at least in Solaris 7, possibly in earlier
>versions.
>
>Sun patch 107022-02 does not fix the vulnerability. Sun
>has been informed and they are working on a patch. Should be
>fixed in 107022-03.
The following patches have now been released:
107022-03 CDE 1.3 (Solaris 7/SPARC)
107023-03 CDE 1.3_x86 (Solaris 7/x86)
105567-08 CDE 1.2_x86 (Solaris 2.6)
104976-04 OW 3.5.1 (Solaris 2.5.1)
105124-03 OW 3.5.1_x86 (Solaris 2.5.1_x86)
103251-09 OW 3.5 (Solaris 2.5)
103273-07 OW 3.5_x86 (Solaris 2.5_x86)
101513-14 OW 3.3 (Solaris 2.3)
100523-25 OW 3.0 (SunOS 4.1.3/4.1.3C/4.1.3_U1/4.1.4)
Already released was (one week ago):
105566-08 CDE 1.2 (Solaris 2.6/SPARC)
Casper
