Bugtraq mailing list archives

Re: SUN almost has a clue! (automountd)


From: Michael_Russell () Brown EDU (Michael Russell)
Date: Tue, 5 Jan 1999 09:10:13 -0500


 Vulnerability: Automountd
 Operating System: SUN Solaris
 Versions affected: 2.5, 2.5.1, 2.6, 2.7 (X86 and SPARC architectures)

I tested this exploit on several systems and I found the following:
  2.5 - not vulnerable with my testing
  2.5.1 - vulnerable for patch 104654-03 and below, not vulnerable
          once 104654-04 or higher applied.
  2.6 - not tested
  2.7 - not tested

Perhaps the forged DNS would have made 2.5.1 104654-04+ vulnerable,
  but using the suggested test with "/etc/hosts" did not.

Has anyone else done any useful testing and/or have any opinions
  on what to do to thwart this?  It appears to me that putting
  2.5.1 patch 104654-05 (current) takes care of the problem.
  Am I missing something?

                                        Michael Russell
                                        Michael_Russell () Brown EDU
                                        Senior Systems Programmer
                                        Brown University
                                        Providence, RI  02912  USA
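
Added example, not part of the original message: a shell check that reads `showrev -p` output and reports whether patch 104654 is at revision -04 or higher, the level the message above reports as not vulnerable on 2.5.1. The function names, the `Patch: ID-REV ...` line layout and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `showrev -p` output on
# stdin and classifies the host by the installed revision of patch 104654.

PATCH_ID=104654   # patch ID taken from the message
FIXED_REV=4       # message: not vulnerable once 104654-04 or higher applied

# Print the highest installed revision of $PATCH_ID, or nothing if absent.
# Only the patch named in field 2 counts; IDs listed after "Obsoletes:" on
# another patch's line are ignored.
highest_rev() {
    awk -v id="$PATCH_ID" '
        $1 == "Patch:" {
            n = split($2, p, "-")
            if (n == 2 && p[1] == id) {
                rev = p[2] + 0      # numeric decimal, so "08" becomes 8
                if (!found || rev > max) max = rev
                found = 1
            }
        }
        END { if (found) print max }'
}

# Print one of: patched / unpatched / missing
classify() {
    rev=$(highest_rev)
    if [ -z "$rev" ]; then
        echo missing
    elif [ "$rev" -ge "$FIXED_REV" ]; then
        echo patched
    else
        echo unpatched
    fi
}

# Constructed samples of `showrev -p` output (assumed layout, not a real host).
sample_old='Patch: 103582-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 104654-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'
sample_new='Patch: 104654-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 104654-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

printf '%s\n' "$sample_old" | classify
printf '%s\n' "$sample_new" | classify
# On a Solaris host: showrev -p | classify
```

A result of `missing` or `unpatched` on a 2.5.1 host corresponds to the 104654-03-and-below case in the message; the check says nothing about 2.6 or 2.7, which the message lists as not tested.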


