Bugtraq mailing list archives
Re: eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability
From: "Charles M. Richmond" <cmr () iisc com>
Date: Wed, 01 May 2002 08:34:13 -0400
It looks like this buffer overflow is also in the Sparc versions. Solaris 8 - Patch-ID# 108652-51 Solaris 8x86 - Patch-ID# 108653-41 There are also Solaris 7 patches available. 107654-09 (x86 107655-09) which in '-08' addressed a buffer overflow issue that affected suid/sgid X programs.
eSO Security Advisory: 3761 Discovery Date: July 5, 2001 ID: eSO:3761 Title: Sun Solaris lbxproxy display name buffer overflow vulnerability Impact: Local attackers can gain group root privileges Affected Technology: Sun Solaris 8 x86 Vendor Status: Vendor notified Discovered By: Kevin Kotas of the eSecurityOnline Research and Development Team CVE Reference: CAN-2002-0090 Advisory Location: http://www.eSecurityOnline.com/advisories/eSO3761.asp
*********************************************************************** * Charles Richmond Integrated International Systems Corporation * * cmr () iisc com cmr () acm org cmr () shore net http://www.iisc.com * * UNIX Internals, I18N, L10N, X, Realtime Imaging, and Custom S/W * * 131 Bishop's Forest Drive , Waltham , Ma. USA 02452 * * (781) 647 2269 FAX (781) 647 3665 Cellular (781) 389 9777 * ***********************************************************************
Current thread:
- Re: eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability Charles M. Richmond (May 01)