Bugtraq mailing list archives
Sun libnsl patches
From: mike.sorsen () EDWARDJONES COM (Mike Sorsen)
Date: Thu, 9 Jul 1998 16:52:00 -0500
Mike Battersby writes: If anyone had actually bothered to look at Sunsolve or call Sun support before jumping to rash conclusions they would have realised that Sun actually fixed these problems some time in June [...]
These patches reference "rpc.nisd buffer overflow" in the README. Do they cover all the exposures? Note that Sun just released patches for "libnsl buffer overflows" over the past couple of days. I guess I will have to call them myself to get the real scoop.
The only patch I have first hand knowledge of is the 2.5.1 patch, which is 103612-41, but Sun assure me that similar patches are available for other releases.
The following patches from early June are to fix "rpc.nisd buffer overflow": 101973-35 SunOS 5.4: libnsl, nistbladm & ypbind fixes 101974-35 SunOS 5.4_x86: libnsl, nistbladm & ypbind fixes 103187-38 SunOS 5.5: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch 103188-38 SunOS 5.5_x86: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch 103612-41 SunOS 5.5.1: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch 103613-41 SunOS 5.5.1_x86: libc, libnsl, libucb, nis_cachemgr and rpc.nisd patch 105401-13 SunOS 5.6: libnsl and NIS+ commands patch 105402-13 SunOS 5.6_x86: libnsl and NIS+ commands patch Then the following patches were released a couple of days ago to fix "libnsl buffer overflows": 101973-36 SunOS 5.4: libnsl, nistbladm & ypbind fixes patches 101974-36 SunOS 5.4_x86: libnsl, nistbladm & ypbind fixes patches 105401-14 SunOS 5.6: libnsl and NIS+ commands patch patches 105402-14 SunOS 5.6_x86: libnsl and NIS+ commands patch These are public patches, so you can get them from ftp://sunsolve.sun.com/pub/patches or the http://sunsolve.sun.com/sunsolve/pubpatches/patches.html web page. Mike Sorsen I speak for myself, not for my employer or Sun.
Current thread:
- Alert: ASP vulnerability with Alternate Data Streams, (continued)
- Alert: ASP vulnerability with Alternate Data Streams Aleph One (Jul 02)
- ::$DATA ISAPI filter Aleph One (Jul 02)
- ePerl: bad handling of ISINDEX queries Tiago Luz Pinto (Jul 06)
- Re: ePerl: bad handling of ISINDEX queries Andrew Pimlott (Jul 08)
- Re: ePerl: bad handling of ISINDEX queries Steve Willer (Jul 08)
- notes on Port scanning Lloyd Vancil (Jul 08)
- WWW Authorization Gateway Albert Nubdy (Jul 08)
- Re: ePerl: bad handling of ISINDEX queries Andrew Pimlott (Jul 08)
- Re: Sun libnsl lameness Allanah Myles (Jul 06)
- Re: Sun libnsl lameness mib () DEAKIN EDU AU (Jul 08)
- Re: Sun libnsl lameness Scott Stubbs (Jul 09)
- Sun libnsl patches Mike Sorsen (Jul 09)
- Re: Sun libnsl lameness Matt Conover (Jul 08)
- DoS: ANS Interlock Firewall Chris A. Henesy (Jul 09)
- Administrivia Aleph One (Jul 09)
- Re: Sun libnsl lameness mib () DEAKIN EDU AU (Jul 08)
- Re: Sun libnsl lameness Andy Polyakov (Jul 03)
- Re: Sun libnsl lameness Matt Conover (Jul 03)
- UPDATE: SSH insertion attack Ivan Arce (Jul 03)
- [rootshell] Security Bulletin #20 Aleph One (Jul 06)
- Re: Sun libnsl lameness Edward Lewis EDU SE Nashville (Jul 09)
- Re: Sun libnsl lameness Edward Lewis EDU SE Nashville (Jul 10)