[12654] in bugtraq
Re: rpc.ttdbserverd on solaris 7
daemon@ATHENA.MIT.EDU (Elias Levy)
Fri Nov 19 16:37:08 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991119133030.Q14594@securityfocus.com>
Date: Fri, 19 Nov 1999 13:30:30 -0800
Reply-To: aleph1@SECURITYFOCUS.COM
From: Elias Levy <aleph1@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
After talking to Casper and Dan Stronberg it seem the issue he
is seeing is Sun BugID 4204015 "dbserver SEGVs when rpc function 15 is
called with garbage". This vulnerability in Solaris 7 seem to be
triggered by the old rpc.ttdbserverd exploit. Please note that
an attacker can't make rpc.ttdbserverd execute code. It can simply
make it crash (dereferencing a NULL pointer). The problem is fixed
by Patch-ID# 107893-02. So no, Solaris 7 is not vulnerable to the
old rpc.ttdbserverd exploit in as much as it will only crash the
service, not execute code in the target system.
Also note that although the patch is not in the recommended patch list,
it is in the security path list which in effect makes it public.
--
Elias Levy
Security Focus
http://www.securityfocus.com/
