Bugtraq mailing list archives
Re: rpc.ttdbserverd on solaris 7 In-reply-to: Your message of "Tue, 16 Nov 1999 14:34:41 PST." <3831DC01.BFE5B400 () nis acs uci edu>
From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Fri, 19 Nov 1999 13:30:30 -0800
After talking to Casper and Dan Stronberg it seem the issue he is seeing is Sun BugID 4204015 "dbserver SEGVs when rpc function 15 is called with garbage". This vulnerability in Solaris 7 seem to be triggered by the old rpc.ttdbserverd exploit. Please note that an attacker can't make rpc.ttdbserverd execute code. It can simply make it crash (dereferencing a NULL pointer). The problem is fixed by Patch-ID# 107893-02. So no, Solaris 7 is not vulnerable to the old rpc.ttdbserverd exploit in as much as it will only crash the service, not execute code in the target system. Also note that although the patch is not in the recommended patch list, it is in the security path list which in effect makes it public. -- Elias Levy Security Focus http://www.securityfocus.com/
Current thread:
- Re: rpc.ttdbserverd on solaris 7 In-reply-to: Your message of "Tue, 16 Nov 1999 14:34:41 PST." <3831DC01.BFE5B400 () nis acs uci edu> Elias Levy (Nov 19)