[8950] in bugtraq

home help back first fref pref prev next nref lref last post

Re: SUN almost has a clue! (automountd)

daemon@ATHENA.MIT.EDU (Michael Russell)
Tue Jan 5 13:36:49 1999

Date: 	Tue, 5 Jan 1999 09:10:13 -0500
Reply-To: Michael_Russell@Brown.EDU
From: Michael Russell <Michael_Russell@BROWN.EDU>
To: BUGTRAQ@NETSPACE.ORG

>  Vulnerability: Automountd
>  Operating System: SUN Solaris
>  Versions affected: 2.5, 2.5.1, 2.6, 2.7 (X86 and SPARC architectures)

I tested this exploit on several systems and I found the following:
  2.5 - not vulnerable with my testing
  2.5.1 - vulnerable for patch 104654-03 and below, not vulnerable
          once 104654-04 or higher applied.
  2.6 - not tested
  2.7 - not tested

Perhaps the forged DNS would have made 2.5.1 104654-04+ vulnerable,
  but using the suggested test with "/etc/hosts" did not.

Has anyone else done any useful testing and/or have any opinions
  on what to do to thwart this?  It appears to me that putting
  2.5.1 patch 104654-05 (current) takes care of the problem.
  Am I missing something?

                                        Michael Russell
                                        Michael_Russell@Brown.EDU
                                        Senior Systems Programmer
                                        Brown University
                                        Providence, RI  02912  USA

home help back first fref pref prev next nref lref last post