[25337] in bugtraq

Re: eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy

daemon@ATHENA.MIT.EDU (rogersk@hushmail.com)
Wed May 1 13:15:35 2002

Date: 1 May 2002 16:34:59 -0000
Message-ID: <20020501163459.15759.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <rogersk@hushmail.com>
To: bugtraq@securityfocus.com

In-Reply-To: <200205011234.IAA10988@koibito.iisc.com>

The patch descriptions provided at sunsolve.sun.com only 
describe the problem as "lbxproxy contains a buffer 
overflow", and the dates do not appear to closely match the 
discovery date quoted by eSecurityOnline. Is there any 
stronger evidence that these patches fix this problem, and 
not some unrelated issue with lbxproxy? Has anyone been 
able to reproduce the original issue, as well as verifying 
that the patch fixes it?

- rogersk@hushmail.com

>From: "Charles M. Richmond" <cmr@iisc.com>
>
>
>It looks like this buffer overflow is also in the Sparc versions.
>Solaris 8 - Patch-ID# 108652-51
>Solaris 8x86 - Patch-ID# 108653-41
>
>There are also Solaris 7 patches available.
>107654-09 (x86 107655-09) which in '-08' addressed a buffer
>overflow issue that affected suid/sgid X programs.
>
>
>> eSO Security Advisory:  3761  
>> Discovery Date:         July 5, 2001 
>> ID:                     eSO:3761
>> Title:                  Sun Solaris lbxproxy display name buffer
>>                         overflow vulnerability
>> Impact:                 Local attackers can gain group root privileges
>> Affected Technology:    Sun Solaris 8 x86
>> Vendor Status:          Vendor notified
>> Discovered By:          Kevin Kotas of the eSecurityOnline Research
>>                         and Development Team
>> CVE Reference:          CAN-2002-0090 
>> 
>> Advisory Location:
>> http://www.eSecurityOnline.com/advisories/eSO3761.asp 
>
>***********************************************************************
>*  Charles Richmond    Integrated International Systems Corporation   *
>*  cmr@iisc.com   cmr@acm.org   cmr@shore.net   http://www.iisc.com   *
>*  UNIX Internals, I18N, L10N, X, Realtime Imaging, and  Custom S/W   *
>*         131 Bishop's Forest Drive , Waltham , Ma. USA 02452         *
>*  (781) 647 2269   FAX (781) 647 3665   Cellular (781) 389 9777      *
>***********************************************************************
>

