[5201] in testers
talkd security hole redux for 9.1 Solaris machines
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jun 5 01:58:40 2002
Date: Wed, 5 Jun 2002 01:54:32 -0400
Message-Id: <200206050554.BAA18586@error-messages.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: beta-announce@mit.edu, testers@mit.edu
It was pointed out tonight that I made an error propagating the
inetd.conf change in 9.1.6, such that the vendor talkd (which is
vulnerable to a remote root security hole) was not actually disabled.
People with 9.1 Solaris machines should take the 9.1.8 patch release
(which I just put out) or manually disable the native talkd.
