Bugtraq mailing list archives

Re: New Solaris root exploit for /usr/lib/lp/bin/netpr


From: Darren.Moffat () UK SUN COM (Darren Moffat - Solaris Sustaining Engineering)
Date: Mon, 15 May 2000 17:37:43 +0100


I have not tested either of these on Solaris 8, but I am expecting it to
be vulnerable.  It also appears that Solaris 2.6 on SPARC machines may not
be exploitable unless patch 106235-03 or patch 106235-04 is installed.
How about that?  Keep up on your patches and get owned faster.  Let's hope
that Sun puts this buffer overflow silliness to rest soon.  No more buffer
overflows will mean no more buffer overflow exploits.

I'm told by my colleagues who look after printing that this is fixed in:

5.6 SPARC T106235-05 Intel T106235-05
5.7 SPARC T107115-04 Intel T106235-04
5.8 SPARC 109320-01  Intel T109321-01

Tpatches are available only to customers with a maintenance contract until
the patches become official.

These patches will become part of the recommended patch set in due course.

--
Darren J Moffat


