[34240] in bugtraq
Re: Immunity Advisory: Solaris local kernel root
daemon@ATHENA.MIT.EDU (Dave Aitel)
Thu Mar 25 14:05:13 2004
Message-ID: <406271C1.40306@immunitysec.com>
Date: Thu, 25 Mar 2004 00:44:33 -0500
From: Dave Aitel <dave@immunitysec.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <200403241034.i2OAYSD03705@sunnl.Holland.Sun.COM>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Casper Dik wrote:
>I wonder why you even bother publishing this; at the time the document
>claims to have been written, half the listed Solaris revisions had already
>patches out for them; Solaris 10, which technically doesn't exist yet, had
>the bug already fixed in its most recent Solaris Express builds.
>
>
By our math, January 22nd, 2004 is after December 2003, which is when
this exploit was first made available to Vulnerability Sharing Club
members. At that point there were no patches for any Solaris, as far as
we were aware. We would like to think that the additional information we
provided, including a working exploit, was valuable to many members of
the information security community.
Thanks,
Dave Aitel
Vice President, Public and Media Relations
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ "Hacking for non assembly programers"
646-327-8429
