[11028] in bugtraq
Re: Exploit of rpc.cmsd
daemon@ATHENA.MIT.EDU (Casper Dik)
Thu Jul 15 14:58:04 1999
Message-Id: <199907142140.XAA13750@romulus>
Date: Wed, 14 Jul 1999 23:40:26 +0200
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Wed, 14 Jul 1999 13:46:32 EDT."
<199907141746.NAA01165@obelix.cse.Buffalo.EDU>
Many people told me that they couldn't find the patches.
Not even the one that was supposed to have been released a week ago.
>>The following patches have now been released:
>>
>> 107022-03 CDE 1.3 (Solaris 7/SPARC)
These patches should show up on SunSolve shortly; (Ok, so I should have known
Aleph posts quicker than Sun's patch process)
Solaris 2.4 is vulnerable, AFAIK, but the patches for it haven't been
finished yet.
>>
>>
>>Already released was (one week ago):
>>
>> 105566-08 CDE 1.2 (Solaris 2.6/SPARC)
>
>*Where* have they been released?
This is a typo; the x86 patch is rev -08 but the same patch as SPARC patch
is rev -07, make that:
105566-07 CDE 1.2 (Solaris 2.6/SPARC)
which is available on SunSolve.
Sorry for the confusion; I should have checked SunSolve prior to
mailing Aleph.
Patches will be available on the public patch sites shortly.
Casper
