[2256] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (Ian MacPhedran)
Wed Sep 20 22:33:53 1995
Date: Wed, 20 Sep 1995 18:25:14 -0600
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Ian MacPhedran <Ian_MacPhedran@dvinci.usask.ca>
X-To: Goetz von Escher <goetz@open.ch>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <9509192354.ZM13966@baby>
On Tue, 19 Sep 1995, Goetz von Escher wrote:
> On Sep 19, 4:33pm, Sten Gunterberg wrote:
> >
> > There's no patch yet, but Sun is apparently working on one. The Bug-IDs
> > are 1219835 for Solaris 1.x (SunOS 4.x) and 1220257 for Solaris 2.x.
> > Try to give those to local Sun support and see what happens :-)
>
> Solaris 2.x ??? - I thought this is a BSD problem? Are you telling
> me that *all* my Solaris boxes are vulnerable too?
As well as those from other vendors. This is not strictly a Sun problem.
> Also local Sun support told me that the patch for Bug 1219835 has been
> integrated into SunOS 4.1.4 and there probably won't be a patch for
> older versions! Here's the bug info they sent me:
>
> Bug Id: 1219835
> Product: sunos
> Category: utility
> Subcategory: other
> Release summary: 4.1.3, 4.1.4, 4.1.3_U1, 4.1
> Bug/Rfe: bug
> State: integrated
Here's the latest header on that bug report:
Bug Id: 1219835
Category: utility
Subcategory: other
State: fixed
Release summary: 4.1.3_U1, 4.1.4, 4.1.3, no-v4, 4.1, 5.4, 5.3
Synopsis: Syslog(3) can be abused to gain root access on 4.X systems
Integrated in releases:
Patch id:
Description:
Note that there are _NO_ entries for "integrated in releases" nor "patch
id".
> But now I'm really getting confused when I read the mail by Andy Cowley
> who said:
>
> On Sep 19, 4:17pm, andy@btc.uwe.ac.uk wrote:
> > > - Is Sun working on a patch?
> > ...
> > patches are available to existing fault call owners. If the problem
> > is severe for you persuade Sun to send them. They are :-
> >
> > 4.1.3_U1 domestic libc = T101759-04
> > 4.1.3_U1 international libc = T101558-07
> > 4.1.4 domestic libc = T102544-03
> > 4.1.4 international libc = T102545-03
> >
> > These are betas and Sun will expect testing and a report.
>
> So why would there be a test patch for SunOS 4.1.4 if it was fixed
> in that release? I guess one of you guys is wrong.
Your local Sun person was probably wrong. Have them recheck their
information. Note that there is mention of a patch (100909) in bug report
1219835 which is thought to have fixed this which would have been
included in 4.1.3_U1, and 4.1.4. However, it appears that this may not be
the case.
Ian.
----------------------------------------------------------------------------
Ian MacPhedran, Engineering Computer Centre, 2B13 Engineering Building,
University of Saskatchewan, 57 Campus Drive, Saskatoon SK S7N 5A9, CANADA
Phone: (306)966-4832 Fax: (306)966-5205 Email: Ian_MacPhedran@engr.USask.CA
