[12908] in bugtraq
Clarification needed on the snoop vuln(s)
daemon@ATHENA.MIT.EDU (Alfred Huger)
Thu Dec 9 17:30:41 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.10.9912091151500.11461-100000@www.securityfocus.com>
Date: Thu, 9 Dec 1999 11:56:11 -0800
Reply-To: Alfred Huger <ah@SECURITYFOCUS.COM>
From: Alfred Huger <ah@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
As you all know, we have recently seen two /usr/sbin/snoop overflows.
Posted by both ISS and w00w00. Sun has released patches for the ISS
vulnerability, what I am wondering is, does this also solve the w00w00
problem.
For referance the patches in question are:
Solaris 7 sparc 108482-01
Solaris 7 x86 108483-01
Solaris 5.6 sparc 108492-01
Solaris 5.6 x86 108493-01
Solaris 5.5 sparc 108501-01
Solaris 5.5 x86 108502-01
Solaris 5.4 sparc 108490-01
Solaris 5.4 x86 108491-01
Solaris 5.3 sparc 108489-01
The vulnerabilties in question are:
ISS /usr/sbin/snoop:
http://www.securityfocus.com/bid/864
w00w00 /usr/sbin/snoop overflow:
http://www.securityfocus.com/bid/858
Alfred Huger
VP of Engineering
SecurityFocus.com
