Bugtraq mailing list archives
Clarification needed on the snoop vuln(s)
From: ah () SECURITYFOCUS COM (Alfred Huger)
Date: Thu, 9 Dec 1999 11:56:11 -0800
As you all know, we have recently seen two /usr/sbin/snoop overflows. Posted by both ISS and w00w00. Sun has released patches for the ISS vulnerability, what I am wondering is, does this also solve the w00w00 problem. For referance the patches in question are: Solaris 7 sparc 108482-01 Solaris 7 x86 108483-01 Solaris 5.6 sparc 108492-01 Solaris 5.6 x86 108493-01 Solaris 5.5 sparc 108501-01 Solaris 5.5 x86 108502-01 Solaris 5.4 sparc 108490-01 Solaris 5.4 x86 108491-01 Solaris 5.3 sparc 108489-01 The vulnerabilties in question are: ISS /usr/sbin/snoop: http://www.securityfocus.com/bid/864 w00w00 /usr/sbin/snoop overflow: http://www.securityfocus.com/bid/858 Alfred Huger VP of Engineering SecurityFocus.com
Current thread:
- Re: Analysis of Tribe Flood Network, (continued)
- Re: Analysis of Tribe Flood Network Stefan Laudat (Dec 10)
- Error in System Policies Adam Simms (Dec 10)
- Re: Analysis of Tribe Flood Network Mixter (Dec 11)
- Big problem on linux 2.0 visi0n (Dec 11)
- Re: Big problem on linux 2.0 visi0n (Dec 11)
- Re: Big problem on linux 2.0 Andrea Arcangeli (Dec 14)
- HP-UX: Security Vulnerability in wu-ftp Aleph One (Dec 13)
- Re: w00giving #8] Solaris 2.7's snoop Shane A. Macaulay (Dec 09)
- Clarification needed on the snoop vuln(s) Alfred Huger (Dec 09)
- Re: FTP denial of service attack Renaud Deraison (Dec 07)
- FTP DoS - PORT and PASV effected. Darren Reed (Dec 07)
- Re: FTP DoS - PORT and PASV effected. Henrik Nordstrom (Dec 09)
- Re: FTP denial of service attack Hugo.van.der.Kooij () CAIW NL (Dec 08)
- Re: FTP denial of service attack Paulo Licio de Geus (Dec 09)
- [Debian] New version of htdig released Aleph One (Dec 10)
- Fundamental flaw in UnixWare 7 security Brock Tellier (Dec 10)