[11045] in bugtraq
Re: Exploit of rpc.cmsd
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Jul 16 20:37:21 1999
Message-Id: <199907152158.XAA14551@romulus>
Date: Thu, 15 Jul 1999 23:58:04 +0200
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To: Dan Astoorian <djast@cs.toronto.edu>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Thu, 15 Jul 1999 13:05:29 EDT."
<99Jul15.130533edt.45648-467@jane.cs.toronto.edu>
>(What about Solaris 2.4?)
Both CDE 1.0.1/1.0.2 (which have seperate rpc.cmsd binaries; these
were merged in later releases) and Solaris 2.4 patches will be released
at a later date.
>Be aware that when these patches[*] are applied, the existing rpc.cmsd
>process (if one exists) seems to be killed in a *prepatch* script--that
>is, *before* the programs are updated.
Thanks for noticing this; I've notified the persons responsible for
this patch; it will be addressed in a future release.
>I couldn't begin to speculate about why Sun didn't make this a postpatch
>script rather than a prepatch script.
Neither could I; it's a mistake.
Casper
