[2255] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (Karl Strickland)
Wed Sep 20 20:02:24 1995
Date: Mon, 18 Sep 1995 19:41:07 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Karl Strickland <karl@bagpuss.demon.co.uk>
X-To: Goetz von Escher <goetz@open.ch>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <9509181249.ZM11707@baby> from "Goetz von Escher" at Sep 18,
95 12:49:58 pm
>
> I just called local Sun support. They don't know anything about this
> hole and they don't accept the 8lgm advisory as problem report as we
> cannot prove that the bug exists on *our* SunOS host. Outch! I cannot
> believe that nobody else has opened a service call or bug fix request
> (or whatever Sun calls this) at Sun Microsystems. They referred me to
> patch 100909-03 which fixed a hole in syslogd for SunOS 4.1.3...
>
> My questions are:
>
> - Is there an official patch from Sun and what's the patch-ID?
not as far as i know
> - Has anybody talked to Sun about this problem?
yes
> - Is Sun working on a patch?
yes.
Mark Graff is the man you want to speak to - graff@eng.sun.com. He's
in charge of sorting the patches out. Mark's told us (8LGM) that Sun have
produced exploitation code for this, and are working on a fix.
I dont know the status of it, perhaps Mark will reply as I know he
watches this list.
--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk
|
