[27257] in bugtraq
Re: Solaris 2.6, 7, 8
daemon@ATHENA.MIT.EDU (Christopher X. Candreva)
Wed Oct 2 16:30:58 2002
Date: Wed, 2 Oct 2002 14:04:13 -0400 (EDT)
From: "Christopher X. Candreva" <chris@westnet.com>
To: Dave Ahmad <da@securityfocus.com>
In-Reply-To: <Pine.LNX.4.43.0210021134540.12460-100000@mail.securityfocus.com>
Message-ID: <Pine.GSO.4.44.0210021400190.17581-100000@westnet>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 2 Oct 2002, Dave Ahmad wrote:
> I suggest that everyone here who still uses telnet disable it immediately.
. . or install the latest Recomended patch cluster, which you should have
done anyway.
> These may be fixes for this vulnerablity, however they apply to telnetd
> and this vulnerability has to be in login.
There are patches for /bin/login as well On Solaris 8 it's 111085-02, dated
Dec 13 2001:
I haven't been able to reproduce this on a system with 111085-02 installed.
==========================================================
Chris Candreva -- chris@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
