[17277] in bugtraq
Re: Solaris libc locale format string exploit
daemon@ATHENA.MIT.EDU (Atro Tossavainen)
Fri Oct 20 11:48:34 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <200010201054.e9KAsPf26081@sirppi.helsinki.fi>
Date: Fri, 20 Oct 2000 13:54:25 +0300
Reply-To: Atro.Tossavainen@helsinki.fi
From: Atro Tossavainen <atossava@CC.HELSINKI.FI>
X-To: solareclipse@PHREEDOM.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001019192159.A17735@sluncho.nailed.org> from "Solar,
Eclipse" at "Oct 19, 2000 07:21:59 pm"
> On Sep 8, 2000 Warning3 posted an exploit for the Solaris
> libc locale format string vulnerability. This was more than
> a month ago.
>
> This bug has not been fixed yet. The Securityfocus vulnerability database
> shows no patches for the locale bug on Solaris. Sun's website does not
> even mention the existance of this bug.
My local Sun rep told me on Oct 3 that they have fixes ready for all
supported software releases and platforms and that evaluation patches
would be sent to customers in a few days.
Obviously not.
I asked him again yesterday, with the response that the kernel update
process for all supported software releases and platforms is rather
tedious and lengthy, and that's why it's taking so long.
I'm not happy, and the people I work for are even less so, but it's
better than not hearing back from them at all.
--
Atro Tossavainen (Mr.) | The Institute of Biotechnology at the
Systems Analyst | University of Helsinki, Finland, employs
+358-9-19158939 | me, but my opinions are my own.
< URL : http : / / www . iki . fi / atro . tossavainen / >
