Re: Revisiting ufsdump under Solaris 2.6

[darren.moffat () UK Sun COM (Darren J Moffat - Enterprise Services OS Product Support Group)]

> > This vulnerability was patched over a month ago.
> >
> > Patch 106793-01 SPARC
> > Patch 106794-01 x86

> Great work! My Solaris 7 (X86) bought in december 1998
> is vulnerable to ufsdump sploit. If there is a patch out since
> early November for Solaris 2.6 why is nobody implenting it in
> Solaris 7?

The patches listed above are the Solaris 7 patches NOT the Solaris 2.6
patches.

> Confused and dissappointed,

Maybe I can thow some light on your confusion....

There is a cut off date for fixes well before the CD's are actually
cut to allow full system testing and many other distribution related
things to happen.   The fixes for ufsdump missed that cut off date and
were thus released as a patch just after Solaris 7.

Though you bought your copy of Solaris 7 x86 in December it was actually
released on the 27th October 98 (I had my CD on the 4th November).  The
CD's being shipped in december (and indeed now) don't have any patches
included in them.

There will be futher hardware releases of Solaris 7 each quarter - things
like the ufsdump patch will be included on those CDs or the patches are
available to contract customers as part of SunSolve Online or SunSolve CD.
Given that this particular patch is a security patch it is available in
the public section of SunSolve Online as well (http://sunsolve.sun.com)


Hope this helps.


--
Darren J Moffat