Bugtraq mailing list archives
Re: Solaris 2.5.1 patch not effective?
From: rap () UCLINK BERKELEY EDU (Richard Peters)
Date: Thu, 11 Jun 1998 16:51:19 -0700
At 4:28 PM -0500 6/11/98, Steve Siirila wrote:
I can confirm that the patch 104490-05 is indeed ineffective against at least one root compromise bug. We experienced such a compromise recently even with the latest security patches (including 104490-05) installed. We decided to simply make ufsdump/ufsrestore non-setuid, non-setgid as they are never run by non-root users at our site anyways.
We also have evidence patch 104490-05 does not fully address the problem. In a e-mail responce we received from Sun on May 23 in regards to our security concerns about ufsrestore at current patch level, they stated they were working on patches for ufsrestore. Richard Peters University of California at Berkeley
Current thread:
- Solaris 2.5.1 patch not effective? Tom Perrine (Jun 09)
- Re: Solaris 2.5.1 patch not effective? Steve Siirila (Jun 11)
- CERT Summary CS-98.06 Phillip R. Jaenke (Jun 11)
- Re: Solaris 2.5.1 patch not effective? Richard Peters (Jun 11)
- <Possible follow-ups>
- Solaris 2.5.1 patch not effective? Pete Ashdown (Jun 19)
- Re: Solaris 2.5.1 patch not effective? Steve Siirila (Jun 11)