[7215] in bugtraq
Sun libnsl patches
daemon@ATHENA.MIT.EDU (Mike Sorsen)
Fri Jul 10 12:45:45 1998
Date: Thu, 9 Jul 1998 16:52:00 -0500
Reply-To: mike.sorsen@EDWARDJONES.COM
From: Mike Sorsen <mike.sorsen@EDWARDJONES.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807090137.LAA22611@hestia.its.deakin.edu.au>
> Mike Battersby writes:
> If anyone had actually bothered to look at Sunsolve or call Sun support
> before jumping to rash conclusions they would have realised that Sun
> actually fixed these problems some time in June [...]
These patches reference "rpc.nisd buffer overflow" in the README.
Do they cover all the exposures? Note that Sun just released patches for
"libnsl buffer overflows" over the past couple of days.
I guess I will have to call them myself to get the real scoop.
> The only patch I have first hand knowledge of is the 2.5.1 patch, which
> is 103612-41, but Sun assure me that similar patches are available for
> other releases.
The following patches from early June are to fix "rpc.nisd buffer overflow":
101973-35 SunOS 5.4: libnsl, nistbladm & ypbind fixes
101974-35 SunOS 5.4_x86: libnsl, nistbladm & ypbind fixes
103187-38 SunOS 5.5: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch
103188-38 SunOS 5.5_x86: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch
103612-41 SunOS 5.5.1: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch
103613-41 SunOS 5.5.1_x86: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch
105401-13 SunOS 5.6: libnsl and NIS+ commands patch
105402-13 SunOS 5.6_x86: libnsl and NIS+ commands patch
Then the following patches were released a couple of days ago to fix "libnsl buffer overflows":
101973-36 SunOS 5.4: libnsl, nistbladm & ypbind fixes patches
101974-36 SunOS 5.4_x86: libnsl, nistbladm & ypbind fixes patches
105401-14 SunOS 5.6: libnsl and NIS+ commands patch patches
105402-14 SunOS 5.6_x86: libnsl and NIS+ commands patch
These are public patches, so you can get them from
ftp://sunsolve.sun.com/pub/patches or the
http://sunsolve.sun.com/sunsolve/pubpatches/patches.html web page.
Mike Sorsen
I speak for myself, not for my employer or Sun.
