[8950] in bugtraq
Re: SUN almost has a clue! (automountd)
daemon@ATHENA.MIT.EDU (Michael Russell)
Tue Jan 5 13:36:49 1999
Date: Tue, 5 Jan 1999 09:10:13 -0500
Reply-To: Michael_Russell@Brown.EDU
From: Michael Russell <Michael_Russell@BROWN.EDU>
To: BUGTRAQ@NETSPACE.ORG
> Vulnerability: Automountd
> Operating System: SUN Solaris
> Versions affected: 2.5, 2.5.1, 2.6, 2.7 (X86 and SPARC architectures)
I tested this exploit on several systems and I found the following:
2.5 - not vulnerable with my testing
2.5.1 - vulnerable for patch 104654-03 and below, not vulnerable
once 104654-04 or higher applied.
2.6 - not tested
2.7 - not tested
Perhaps the forged DNS would have made 2.5.1 104654-04+ vulnerable,
but using the suggested test with "/etc/hosts" did not.
Has anyone else done any useful testing and/or have any opinions
on what to do to thwart this? It appears to me that putting
2.5.1 patch 104654-05 (current) takes care of the problem.
Am I missing something?
Michael Russell
Michael_Russell@Brown.EDU
Senior Systems Programmer
Brown University
Providence, RI 02912 USA