Bugtraq mailing list archives

Re: rpc.ttdbserverd on solaris 7 In-reply-to: Your message of "Tue, 16 Nov 1999 14:34:41 PST." <3831DC01.BFE5B400 () nis acs uci edu>

From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Fri, 19 Nov 1999 13:30:30 -0800


After talking to Casper and Dan Stronberg it seem the issue he
is seeing is Sun BugID 4204015 "dbserver SEGVs when rpc function 15 is
called with garbage". This vulnerability in Solaris 7 seem to be
triggered by the old rpc.ttdbserverd exploit. Please note that
an attacker can't make rpc.ttdbserverd execute code. It can simply
make it crash (dereferencing a NULL pointer). The problem is fixed
by Patch-ID# 107893-02. So no, Solaris 7 is not vulnerable to the
old rpc.ttdbserverd exploit in as much as it will only crash the
service, not execute code in the target system.

Also note that although the patch is not in the recommended patch list,
it is in the security path list which in effect makes it public.

--
Elias Levy
Security Focus
http://www.securityfocus.com/

Current thread:

Re: rpc.ttdbserverd on solaris 7 In-reply-to: Your message of "Tue, 16 Nov 1999 14:34:41 PST." <3831DC01.BFE5B400 () nis acs uci edu> Elias Levy (Nov 19)

Bugtraq mailing list archives

Re: rpc.ttdbserverd on solaris 7 In-reply-to: Your message of &quot;Tue, 16 Nov 1999 14:34:41 PST.&quot; <3831DC01.BFE5B400 () nis acs uci edu>

Current thread:

Re: rpc.ttdbserverd on solaris 7 In-reply-to: Your message of "Tue, 16 Nov 1999 14:34:41 PST." <3831DC01.BFE5B400 () nis acs uci edu>